The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
As cybercriminals become more skilled, the privacy practices at many organizations have not kept apace. In the State Compendium of Unclaimed Property Practices that I’ve compiled, I found this to be the case at many state treasuries where the data exposed provides fraudsters with a crime exacta: claiming money that no one will ever miss and gathering various nuggets of personal data that can help facilitate other types of identity theft.
First, you have to understand what “unclaimed funds” are and how they work. Our states are responsible for ensuring unclaimed property makes it into the right hands. Twice a year, organizations like banks and insurance companies report uncollected payouts to their state’s Unclaimed Property Office. From there, the debt is published in a local newspaper, and if it remains unclaimed, the property (funds, stocks, commodities, etc.) has to be surrendered to the state for safekeeping until a claim is made.
Two years ago, there was a total of $58 billion in unclaimed property nationwide. In theory, it’s safe. You need to be able to identify yourself and go through a verification process to collect the money. However, because Social Security numbers and other personally identifiable information (PII) are increasingly easy to find on the dark web (and for public figures and celebrities, the Internet as a whole), consumers are faced with a potential fraud-frenzy not unlike the spike in stolen tax refunds of recent years. It takes a good deal of information for a fraudster to claim funds that rightfully belong to you, but the danger of PII on unclaimed funds sites cuts both ways – fraudsters can find out that you have unclaimed money and try to gather other information about you in order to claim it, or they can use the information from the unclaimed funds sites to build a dossier on you and target you for other scams.
This is not a hypothetical problem. Interestingly, the first explanations of the issue in a simple Google search (i.e., unclaimed funds identity theft) came not from a state treasury, but a site called Scambusters. One common scheme involves charging a fee to “locate” your unclaimed property. In the process, the swindler grabs personally identifiable information that can be used to commit identity theft. Stories about stolen unclaimed funds abound. In 2011, a Houston woman was convicted for stealing almost $500,000 in tax refunds and unclaimed funds. According to KHOU.com, “Officials said Thomas used public databases to locate the names of the people owed money, then used their personal information to claim the funds.” Texas scored a lone star in the compendium—the worst ranking here.
This has become an issue because of data breaches. News is still trickling out about the millions of federal employees whose personally identifiable information was exposed to hackers because of shoddy data security at the Office of Personnel Management. Between the breach at Anthem that leaked Social Security numbers and the Premera breach that leaked far more specific information (in addition to SSNs), almost 100 million records were stolen. The recent IRS revelation that fraudsters essentially walked through the digital front door and stole $50 million in tax refunds using information accessed in its “Get Transcript” application highlighted the need for more stringent processes at government agencies. That swindle, like so many others, was made possible by a seemingly never-ending string of breaches. The fraudsters had enough information to game the IRS verification process. The same approach could be used with unclaimed funds.
While I am focusing here on the state offices responsible for unclaimed funds, knock on any organization’s door these days and you will find data security and privacy issues.
According to some estimates, there are more (perhaps significantly more) than a billion records “out there.” Therefore, it is crucial that organizations entrusted with our personal information do everything possible to limit our exposure, especially when our money (as well as the integrity of our identities) is on the line.
The compendium found that more than half the country could be doing a better job. Thirty-six states had practices that exposed more personal information than was necessary—ranked “Not Good” (28) or “Bad” (8)—exposing various kinds of data that fraudsters can use to build the type of personal information dossier on an individual that facilitates the commission of identity theft.
For Consumers: Get your money now! Visit your state’s unclaimed property site as soon as possible to see if you have a claim, and if you do, go through the process before your evil twin does.
For States: Respect your fiduciary duty to protect us and expose less PII in the verification process.
How does your state measure up? Click here to read the full State Compendium of Unclaimed Property Practices.
Image: Photodisc
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams