Kansas Identity Theft Spike Could Be Linked to Data Breach

Written by

The state with the highest identity theft rate in the country may have been impacted by a Department of Labor data breach.

According to new data released by the Federal Trade Commission (FTC), the reported rate of identity theft in Kansas in 2020 was higher than that of any other state and more than three times greater than the national average. 

Last year, 43,211 Kansans informed the FTC that someone had stolen or attempted to steal their identity, a year-on-year increase of 1,802%.

KWCH reports that Kansas lawmakers are investigating the possibility of a connection between the surge in identity theft and an alleged data breach at the Kansas Department of Labor (KDOL). 

An investigation into a possible breach was launched after a woman named Lisa Hirst accidentally entered the wrong Social Security number into the KDOL website in February and was shown someone else's personal information. 

“I can’t be the only one who found this," said Hirst. “I mean, it was so easy to do, and I didn’t even mean to.”

A February report from the Kansas Legislative Post Audit Division stated that just under a quarter ($600m) of the roughly $2.6bn Kansas paid in state and federal unemployment benefits in 2020 could have been fraudulent.

In its own statement, KDOL put the figure lost through fraudulent claims at $290m. 

"LPA did not use the data available to them and instead chose to use a flawed methodology that fundamentally misunderstands KDOL’s fraud prevention process,” said KDOL.

Representative Stephen Owens said that a link between the possible data breach exposed by Hirst and the rise in fraudulent claims might explain a lot.

“Now that this information has been brought to light, it actually, it helps me understand what might actually be going on,” said Owens.

“Originally when we were questioning the fraud department, they were referring back to the Experian and Equifax breach of data a few years back, and possibly that data was sold on the dark web that those Social Security numbers were being utilized to manipulate our system. But if it’s as easy as (Hirst) has found it to be, then there wouldn’t even require any purchase on the dark web; the information is just there and it’s just a click away."

What’s hot on Infosecurity Magazine?