Deloitte is the largest professional services network by revenue and number of professionals in the world and is considered one of the Big Four accounting firms along with EY (Ernest & Young), KPMG and PricewaterhouseCoopers (PWC). The company secured multi-million dollar deals in California and seven other states, based on promises of powerful anti-fraud technology and secure, scalable telecoms infrastructure.

In a presentation to the Kansas Department of Labor, in which it claimed to have prevented $100 billion in pandemic unemployment fraud, Deloitte touted “advanced AI-driven fraud detection,” as well as “identity proofing” to help “prevent unauthorized activity,” technologies that had been deployed across U.S. states for over a decade.

With its claims of being able to modernize and secure unemployment systems, according to the follow up report by Forbes, Deloitte was seen as the obvious choice to help states with the incoming tidal wave of Covid benefits applications for the $650 billion pot of pandemic welfare funds. “Deloitte was the only company that had a production-ready PUA system available,” said Kimberly Hall, director of the Ohio Department of Job and Family Services, in written testimony in May 2020.

For contracts in California, Colorado, Illinois, New Mexico, New York, Ohio,Virginia and Wisconsin, Deloitte either deployed tailored uFACTS systems or upgraded legacy infrastructure, and built up attached teleservices centers.

Those deals – worth at least a combined $370 million – contributed to Deloitte’s record $50 billion and $60 billion yearly revenues in 2021 and 2022. According to local government data, in states where Deloitte was either asked to help prevent fraud or ran the benefits system, there was as much as $21.2 billion in fraud. uFACTS systems alone saw up to $3.2 billion.

But in Ohio, as the price of the Deloitte contract spiraled, according to Forbes, so did the cost of the fraud. Starting at an initial $10 million in 2020, the Deloitte deal jumped to $122 million as of October 2022. Meanwhile, at least $166 million in fraudulent applications was paid out through the Deloitte system in the state fiscal year between July 2020 and June 2021, according to figures the state auditor provided to Forbes. But this data is incomplete: It does not take into account figures from the 2022 fiscal year, which are still being tallied, nor the $1.2 billion in benefits payments that have been flagged as potentially fraudulent and are still being adjudicated.

Despite Deloitte’s claims of advanced anti-fraud detection, the breach of the uFACTS system in Ohio was rudimentary and brazen, according to the search warrant reviewed by Forbes. One of the accused’s customers, in an interview with a Labor Department investigator, said the suspect was advertising her ability to remove fraud flags on Instagram, the warrant said. The suspect also successfully claimed unemployment under her own name, even though she was working for both the Ohio Department of Job and Family Services and the U.S. Postal Service at the time. Deloitte and its subcontractor Randstad, which was the direct employer of the suspect, did not detect her alleged crimes, which were first reported by an anonymous tipster.

In October last year, Brandi Hawkins, a teleservices representative with access to the Michigan unemployment system, was convicted of approving hundreds of fraudulent claims that led to the loss of $3.8 million in government funds. Deloitte noted in its report that Hawkins was able to remove fraud flags on the Michigan benefits database for weeks after her termination.

Unlike Hawkins, an unnamed suspect in an Ohio case also claimed to be able to get fraudulent applications approved in other states where she didn’t have direct access to the system, investigators said. According to the government, she was particularly successful in California, where Deloitte had deals worth a total of $88 million with the Employment Development Department (EDD) for Covid-19 benefits. In late 2020, the suspect’s customers had fraudulent applications approved in California, totalling over $50,000 in payouts from the West Coast state, Labor Department officers claimed. The same customers had already had fraud flags on applications in Ohio removed and been given a payout, according to the warrant, showing it was possible to file claims in multiple states under the same name and receive insurance checks.

Along with complaints that millions of calls to Deloitte-supported centers in California were going unanswered, assemblyman David Chiu told local media in March 2021, “Deloitte has continued to underperform.” The call centers, he added, were a “mess.”  In January 2021, in an assessment of the EDD’s work on Covid-19 benefits, the state auditor slammed the agency for failing to act promptly to prevent as much as $10.4 billion in potentially fraudulent unemployment payments. It highlighted an estimated $810 million paid out to incarcerated individuals who were ineligible for payouts. By October last year, the EDD’s own estimate for total lost to fraud stood at $20 billion.

Other states weren’t even able to put a figure on the amount of fraud perpetrated through their systems. In a similar deployment to Ohio, Illinois spent $14.3 million for a uFACTS setup and another $42.7 million to prop up attached call centers, according to government contract records. But the deployment was “inadequate” as it didn’t collect accurate data on PUA claims, according to state auditor Frank Mautino. He told Forbes, “We know that there was a large amount of fraud,” but it will have to wait until next year’s audit to get the requisite data to put a dollar amount on the criminal activity.

Deloitte’s woes with its Covid benefits contracts go right back to the early days of the pandemic. In May 2020, a mistake by Deloitte led to personal information of as many as 240,000 unemployment insurance applicants in Colorado, Illinois and Ohio leaking on government benefits websites. The company settled a class action suit over the breach for $4.95 million in 2021.