SACRAMENTO (CBS13) — A year and a half after a scathing EDD audit that was prompted by a CBS13 investigation, the California State Auditor revealed Thursday that the Employment Development Department (EDD) has not complied with the auditor’s recommendations and has potentially compromised millions of people amid the pandemic.
CBS13 first exposed that the EDD was violating state law, and putting millions at risk of identity theft by compromising social security numbers (SSNs), five years ago.READ MORE: Local World War II Hero Has Yet To Be Cremated, Months After Death
Follow Our Continuing Coverage
CBS13 Investigates EDD Identity Theft Concerns
At the time, an EDD spokesperson told CBS13 Investigative Reporter Julie Watts that the agency was exempt from the state law that prohibited mailing SSNs.
“They are required to comply with the law,” Margarita Fernandez, Cheif of Public Affairs for the State Auditor, clarified Thursday.
The California State Auditor’s update revealed that the EDD continues to break the law and that the agency has mailed more than 38 million documents with full social security numbers since the start of the pandemic alone.
Most were printed on one of just three forms that the agency was supposed to have redacted before March 2020. Incidentally, that was the month that California unemployment claims skyrocketed amid the pandemic.
If they had complied before the COVID-unemployment spike, “millions may not have been compromised,” Fernandez said.
Thursday’s report was an update to last year’s EDD audit. That audit was prompted by our multi-year investigation. It led to a 2018 Joint Legislative Hearing, the 2019 audit, and a new state law in 2020.
Follow Our Continuing Coverage: CBS13 Investigates EDD Identity Theft Concerns
Thursday’s audit update noted that many Californians were caught up in the recent EDD mail fraud amid the pandemic. CBS13 obtained internal EDD data with more than 30,000 potentially fraudulent addresses where people’s sensitive documents may have been sent to strangers.READ MORE: International Women's Day: Celebrating Women In The Air Force
The audit update cited that fraud as one of the many identity theft risks that could have been prevented if EDD had complied with the audit recommendations and redacted SSNs from just their three highest volume forms, before the March 2020 deadline.
For the first time, the auditor revealed what that mail fraud looks like from behind the EDD’s closed doors. The audit updated included photos of rooms full of mail that had been returned to the EDD.
Much of it is believed to be claims that were filed by identity thieves in other people’s names or claims that had been redirected by thieves in an attempt to intercept sensitive documents and benefits.
The audit update also found that the EDD’s previous solution for removing social security numbers is no longer viable now that their IT modernization project is on hold.
The new law has a 2023 deadline for EDD, and all state agencies, to remove social security numbers from mailed documents. It’s not clear if EDD will be able to comply with the law. The agency did not respond to our request for comment.
EDD provided the following response to the auditor:
“One of EDD’s priorities is to replace claimants’ SSNs from the top three high-volume unemployment forms with another unique identifier. We acknowledge and appreciate the urgency of the Auditor’s timeline, and although we are admittedly behind schedule, we continue to diligently work to protect the identities of those we serve.”
Follow Our Continuing Coverage
CBS13 Investigates: EDD Identity Theft Concerns
NOTE: CBS13 Investigative Reporter Julie Watts was based at the CBS San Francisco station (KPIX) when this investigation began and has continued the work after moving to CBS Sacramento. The stories have aired on CBS stations across California.