KY unemployment insurance system temporarily shuts down after account break-ins


FRANKFORT, KY (WOWK) – Kentucky’s unemployment insurance system will be shutting down until its public-facing system for four days beginning at midnight April 9 due to recent fraudulent activity. The system will reopen on the morning of Tuesday, April 14.

Amy Cubbage, General Counsel for the Kentucky Office of Unemployment Insurance says Kentuckians will not be able to file new claims or request benefits during this time, but the organization will be able to backdate claims for those who need to file or ask for benefits while the system is shut down.

“The criminal cyber-attacks are massive, not just here, but all over the United States. And they’ve moved from hoping to get lucky to trying to directly steal the money from people who qualify and are being paid,” Kentucky Governor Andy Beshear said.

On Friday, the Kentucky OUI announced it was temporarily stopping unemployment insurance claimants from making changes to bank account information on file with the state to prevent fraudulent claims. The Kentucky OIU said Friday it had been contacted by legitimate claimants saying unauthorized changes had been made to their bank accounts in recent days.

Cubbage says this same plan of shutting down the UI system, putting it on new controls and bringing it back up stopped nearly 240,000 attempted hacks and fraudulent claims in Kansas in the first few weeks alone. She also cited Illinois, Vermont, Colorado, Ohio, and Washington as other states that have had major issues with fraudulent claims.

“They are not going to stop and they are getting more sophisticated, and as I said, relentless,” Cubbage said.

Cubbage says part of this breach comes the use of PINs such as “1111,” “1234,” and “2020” that are easy for criminals to guess. says the office found nearly 4,000 accounts with the PIN “1234” and 1,500 with the PIN “2020.”

“When you’ve got a pin like that, it’s easy for a computer criminal to set up a program that allows you to try that pin across all of the accounts,” Cubbage said.

The Kentucky OUI says the recent attack involved cyber criminals making attempts to figure out claimants PINs, resetting those PINs and then redirecting bank account information. Approximately 300,000 PINs, including for inactive claimants from last year and several years ago, were reset.

While this instance focused more on claimants’ PINs and changing bank account information, Cubbage said fraudulent claims are also still an issue with the office finding nearly 200,000 fake claims filed in February alone.

According to the Kentucky OUI, when the systems are available again on Tuesday, everyone will have to re-register their accounts as if for the first time, even if they have done so recently on the new portal.

All active UI claimants will be mailed a letter containing a new eight-digit pin they will need to use for their account the first time they log in. The telephone claiming system will also use this pin.

Other steps claimants will need to take to better protect accounts include using 12-character passwords that must include a mixture of letters, numbers and special characters. Claimants will need to use two-factor authentication by verifying their email addresses and receiving an access code through their email accounts and putting that access code into the website.

Once re-registered, Cubbage says claimants will need to review their account information to make sure it is correct. If the information is incorrect, claimants can request a paper check while bank account changes are suspended.

Cubbage says claimants will not need to file new claims. Once the claimant re-registers, the system will associate them with their existing claim.

“The number one issue we now face in UI is fraud and crime,” Beshear said. “It makes it a lot harder to find the real claims when they are covered up by the number of fraudulent ones.”

Cubbage says the office will be filing a data breach notification, however, there is no evidence any data was taken from the system.

“We don’t have any evidence that data was taken from the system, but because your information might have been accessed, in an effort to be completely clear and transparent, we’re going to do this notification and provide you information that you need to protect yourselves,” Cubbage said.

According to Cubbage, the Kentucky OUI’s internal systems will still remain operational during this time and they will be processing claims and doing work on their end of the system.

For local and breaking news, weather alerts, video and more, download the FREE WOWK 13 News App from the Apple App Store or the Google Play Store.

Copyright 2021 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Download the FREE WOWK 13 News App

Washington DC Bureau

More Washington DC Bureau

Don't Miss

Trending Stories