Stealing diamonds from a bank safety deposit box is hard work. You have to be in Tom-Cruise-in-the-90s physical condition, own a black leather cat suit, and have an eccentric hacker friend. Or you could just get a job as a data-entry clerk at the Department of Revenue.
A heist doesn't have to be this hard.
When someone stops paying the rent on a jewelry-filled safety deposit box, or fails to pick up her last paycheck from an employer, the money and goods go to DOR. Since the department started collecting all that unclaimed cash and property in the Fifties, it has accumulated $750 million and filled a vault with jewelry, savings bonds and gift certificates, says spokesperson Mike Gowrylow. You can search for your name in an online database, file a request for your unclaimed cash and DOR will write you a check.
But according to the state Auditor's Office, fraudulently putting that money into your pocket takes no more than landing a job as a clerk and changing the information in the database to make it look like you're owed thousands of dollars or bags of diamonds.In its report released today, the Auditor's Office found 70 different jobs where someone could easily change the information in DOR's online database to make it appear the money belongs to someone else.
Some of those employees handle records as they are received from banks or businesses, others manually enter who is owed what into the online database, and additional people are able to change the amount that you are owed. And as the auditor noted, as long as a thief increased the amount going to himself while decreasing it from others, his hijinks "would go undetected as long as the total added up correctly."
Login IDs also aren't tracked, so if evidence of wrong-doing were discovered, there could be as many as 70 suspects. And the auditor found that original records from the businesses and institutions turning money over to DOR were destroyed after a year, so it would be impossible, once a record had been changed, to figure out who the money should be going to.
Gowrylow points out that the auditor didn't find evidence of anyone actually taking advantage of security weaknesses. So you'll have to act fast if you want to now. He says the department is following the auditor's advice and making it easier to track who is working in the database and will keep the original records for at least six years.