Kentucky unemployment website shutting down after massive cyberattack

Gov. Beshear updates vaccine rollout, COVID response in Kentucky
Updated: Apr. 8, 2021 at 3:44 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

FRANKFORT, Ky (FOX19) - Kentucky’s unemployment website will close temporarily beginning Thursday night due to a massive, sophisticated cyberattack on the UI system.

Gov. Andy Beshear and Kentucky Career Center General Counsel Amy Cubbage announced the four-day shutdown Thursday as a way to reset the system with stronger account security, including longer user PIN numbers.

“While this is a big step, given that this sophisticated attack could take money that was otherwise going to Kentuckians, it is a step we absolutely have to take,” Beshear said. “We can’t allow people to steal the state’s money and prevent those who are entitled to receive these dollars from getting the help they need.”

The shutdown will be in effect for the public-facing website until Monday night. Claimants will not be able to file new claims or request benefits during that time. Users will be able to access the site again Tuesday morning.

Kentucky’s internal unemployment system will still be operational, so claims processing will continue during the shutdown.

Claims filed after Monday can be back-dated, minimizing any interruption in the delivery of benefits.

Systems will be available on Tuesday to re-register or register for the first time through the new welcome pages at or through the KCC website

A letter will also go out to claimants sometime in the next day. Every claimant will have to re-register their account, as if for the first time, according to Cubbage.

Cubbage acknowledged the potential hardship and postal issues in sending the letter by mail, but said there isn’t a better way to go about it. “Hopefully everyone will have them in their mailboxes the day [the system] reopens or the day after,” she said.

Claimants will need to:

  • Create a new 12-character alphanumeric password;
  • Verify their email address and receive an access code through their email account;
  • Use the new 8-digit PIN they were mailed in the letter, which can be used in the telephone claims system as well; and
  • Review all the information on their account to make sure it’s correct.

If the last four digits of their bank account or routing number is not in their UI account, claimants will receive a paper check. Only new claimants can enter account information for the time being.

Active claimants will not need to file a new claim when the system is back up.

>> In-person unemployment appointments coming to Northern Kentucky

The temporary shutdown comes after an organized cyberattack in which criminal entities used automated systems to gain access to user accounts, particularly those with weak PIN numbers.

“Although the UI PINs are encrypted, it is possible for a person with enough computing power to guess an encrypted PIN by testing particularly weak or obvious four digit combinations,” said Cubbage.

“We had 3,995 users who used a PIN that was 1234, more than 1,500 users who set PINs that were 2020 and more than 1,200 users whose PINs were set to 1111.”

Criminal actors used these PINs to gain access to users’ accounts. Then they reset the PINs and tried to redirect bank account information, Cubbage explained.

Some 300,000 PINs were reset, though most of those were tied to inactive accounts. Currently, according to Cubbage, KYCC receives around 25,000 unemployment claims per week.

“What it takes to do one of these attack crimes is significant,” Beshear said. “The amount of server activity... this is an organized effort and not simply people sitting in a specific area. They’ve got full bot attacks churning this at such a high rate.”

Cubbage said KYCC doesn’t yet know if there was one criminal actor or many. Hypothetically, one group could have stolen the PINs, then repackaged and sold them to another group that went in and accessed the accounts.

Earlier this week, Beshear announced executive order creating the Kentucky Unemployment Insurance Fraud Detection and Prevention Task Force, which will coordinate between state and federal entities to detect, investigate, prosecute and prevent unemployment insurance fraud in Kentucky.

According to the governor’s office, the increase in fraudulent claims for unemployment insurance has been a national problem with more than $63 billion in fraudulent benefits paid out countrywide.

Cubbage said KYCC’s efforts to stop fraudulent claims and hacking attempts into the system takes time away from processing valid claims.

She added KYCC caught around 200,000 fake claims in February alone.

“The number-one issue we face in UI is the level of fraud and crime,” Beshear said.

See a spelling or grammar error in our story? Click here to report it. Please include title of story.

Copyright 2021 WXIX. All rights reserved.