Identity thieves stole over $6 million in Social Security benefits by hacking the government's online direct deposit program, an agency watchdog reported.
The Social Security Administration's inspector general released an audit finding the agency's "my Social Security" program has put roughly $11 million in benefits into the wrong bank accounts.
My Social Security was created in 2012 and allows beneficiaries to set up direct deposit accounts for their retirement and disability payments. Identity thieves soon began abusing the system.
"In January 2013, the Agency enhanced my Social Security to allow individuals to change their direct deposit bank information," the inspector general said. "Shortly after SSA made this change, the Agency and the Office of the Inspector General began receiving fraud allegations related to unauthorized direct deposit changes."
Since 2014, $10.9 million in benefit payments made to 7,200 individuals were deposited into the wrong accounts. Of that, $6.2 million were stolen and never recovered by the government.
"SSA noted that, generally, financial institutions only return misdirected funds to the Department of the Treasury when the funds are still in the bank account," the inspector general said. "Financial institutions cannot return misdirected funds that are no longer in a bank account."
In the first year of the direct deposit service in 2013, $20 million went to the wrong accounts, and the agency did not recover $9 million.
The number of payments being deposited into wrong accounts is declining, with only 553 individuals with misdirected benefits last year, down from over 2,100 in 2015.
"We also estimated SSA prevented about $14.1 million in benefits from being misrouted from about 11,900 beneficiaries whose direct deposit bank account was changed without their authorization," the inspector general said.