Woman arrested for allegedly stealing and cashing her deceased sister's NYS Employees' Retirement System retirement benefit checks

On November 16, 2021, New York State Comptroller Thomas P. DiNapoli and Brooklyn District Attorney Eric Gonzalez announced the arrest of Latrenda Dixon for the alleged theft*of some $8,000 in retirement benefits sent to her deceased sister by the New York State Employees' Retirement System. 

Dixon, 52, of the Bronx is charged with illegally cashing 20 checks in Brooklyn for nearly $8,000 issued by the New York State and Local Retirement System to her deceased sister, Linda Dixon. She cashed the checks using her sister’s state employee ID at a check cashing location.

“Ms. Dixon attempted to scam the pension system by allegedly pretending to be her deceased sister,” DiNapoli said. “My thanks to District Attorney Gonzalez for his continued partnership in safeguarding the New York State and Local Retirement System.”

“Stealing from the state pension system is not a victimless crime; law abiding taxpayers end up paying the price,” said Brooklyn District Attorney Gonzalez. “I would like to thank State Comptroller DiNapoli for all of the work his agency did to bring this defendant to justice. We will now seek to hold her accountable for her alleged actions.”

Dixon was charged with grand larceny in the third and fourth degree; scheme to defraud in the first and second degree; identity theft in the first and second degree; 20 counts of criminal possession of a forged instrument in the first degree; 20 counts of criminal possession of a forged instrument in the second degree, and criminal possession of stolen property in the third and fourth degree.

She was arraigned in Kings County court and released without bail on her own recognizance. Dixon is due back in court Nov. 30, 2021.

This case was investigated by the Office of the State Comptroller’s Division of Investigations in partnership with the Brooklyn District Attorney’s Office.

The case is being prosecuted on behalf of the Brooklyn D.A.’s Office by Senior Assistant District Attorney Nicole Manini, of the District Attorney’s Green Zone Trial Bureau, under the Supervision of Assistant District Attorney Glenn Singer, Assistant District Attorney Sara Kurtzberg, and Assistant District Attorney Sasha Pemberton, Green Zone Deputy Bureau Chiefs. 

* N.B. These charges are accusations and the individual is presumed innocent unless and until proven guilty.

 

Per diem substitute teacher eligible to receive unemployment insurance benefits despite the school district's claim that she had not worked "the required 20 days as a substitute teacher"

A claimant [Claimant] for unemployment insurance benefits worked as a per diem substitute teacher for the City School District of the City of New York [NYCSD] during the 2017-2018 school year. She was paid only for the days she worked.

Claimant worked a total of 18 days during that school year, often declining per diem assignments due to conflicts with her other part-time job and other reasons. She last worked on June 25, 2018, the final day of school. On July 16, 2018, NYCSD advised Claimant that she was ineligible to serve as a substitute teacher in the 2018-2019 school year as she had not worked the required 20 days as a substitute teacher in the prior school year.

The Department of Labor determined that Claimant was eligible to receive benefits. NYCSD appealed, contending that Claimant "had provoked her discharge for failing to complete the required 20 days of per diem work."

After a hearing, an Administrative Law Judge and, thereafter, the Unemployment Insurance Appeal Board, affirmed the Labor Department's initial determination, finding that, as a per diem employee, Claimant's employment relationship with the school district ended on her last day of work, June 25, 2018. As such, Claimant did not have an employment relationship with at the time that she applied for benefits and thus could not be found to have provoked her discharge or voluntarily quit.

NYCSD appealed the Board's determination but the Appellate Division sustained the Board's ruling, explaining that as there is substantial evidence supporting the Board's determination, it must be affirmed.

The narrow issue presented was whether the Board correctly determined that Claimant, a per diem employee who was last employed by NYCSD on June 25, 2018, did not thereafter cause her discharge or voluntarily quit by not pursuing avenues to renew her per diem eligibility nor did NYCSD establish that it was compelled to discontinue Claimant's status as a per diem teacher on that basis.

Accordingly, the Appellate Division found that Claimant was entitled to the unemployment insurance benefits awarded to her by the Labor Department and that the wages paid to her by NYCSD can be used to establish a future claim for benefits.

Click HEREto access the Appellate Division's ruling.

New York State needs to improve cybersecurity support to local governments and public authorities

In a letter dated November 12, 2021, New York State Comptroller Thomas P. DiNapoli advised the New York State's Division of Homeland Security and Emergency Services [DHSE] that his audit of its operation indicates that DHSES cannot assure the critical cybersecurity support they are providing to state agencies, local governments, and public authorities through their Cyber Incident Response Team [CIRT] to achieve the desired outcomes or is targeting the appropriate customers and their needs.

Essentially, the audit reports that the agency responsible for providing cybersecurity help to 2,800 public entities responds to attacks lacks strategies for preventing them.

“New York’s Cyber Incident Response Team plays a vital role in safeguarding our infrastructure and critical data against cybersecurity threats,” DiNapoli said. “There are a lack of forward-thinking strategies, widespread training, and specific and measurable objectives that are critical in assessing progress. Additionally, the agency needs to be more proactive. As cybersecurity attacks continue to rise, I encourage the state’s Division of Homeland Security and Emergency Services to take quick action on this urgent issue.”

The recent passage of the federal Infrastructure Investment and Jobs Act underscores how critical strengthening cybersecurity is across New York. The legislation will provide much needed funding for local governments to modernize and protect their networks against future cyberattacks. In New York, cyberattacks have impacted public entities large and small, including reported attacks at state agencies; 911 systems; counties including Albany, Chenango, Erie, Nassau, Schenectady and Schuyler; cities including New York, Buffalo, Yonkers, Long Beach and Olean; towns including Brookhaven, Ulster, Canandaigua and Moreau; as well as school districts like Buffalo Public Schools and Guilderland Central School District.

Cyberattacks pose a fiscal risk and can have significant impacts on the public when they target public authorities and local governments, including water systems, utilities, airports, schools and health care facilities. For example, a 2019 ransomware cyberattack on the City of Albany cost the city roughly $300,000 because of destroyed servers, the cost to upgrade user security software, the purchase of firewall insurance and the performance of other improvements to firm up the city’s systems.

Cybercrimes, including phishing remain on a troubling rise and reach far beyond New York. Between 2019 and 2020, complaints of cyberattacks increased by 110%, from 114,702 in 2019 to 241,342 in 2020, according to the Federal Bureau of Investigation.

The rise in cybercrimes across our state highlight how vulnerable local governments are and presents CIRT with an opportunity to implement solutions ahead of future attacks. Between May 2018 and December 2020, CIRT responded to 122 cyberattacks statewide, including 39 phishing incidents, 23 ransomware attacks and incidents of compromised accounts.

Although it is responding to incidents, CIRT has not made enough progress when it comes to proactively evaluating the cybersecurity needs of the agencies it assists and measuring its progress in improving security. Its activities have only reached a fraction of the 2,800 entities it is responsible for. For example, despite acknowledging the need for specific training on how to detect phishing and prevent ransomware attacks, CIRT only provided five training sessions on phishing emails between July 2020 and March 2021.

Between August 2019 and December 2020, CIRT conducted just 11 risk assessments at counties and other local government entities, upon request by those entities. It also held or participated in 32 training sessions and 13 tabletop exercises, which stimulate discussion of various issues regarding a hypothetical situation, for county Boards of Elections, critical infrastructure, and transportation authorities to test whether they were prepared for a cyber incident emergency. 

DiNapoli’s audit also noted that most of CIRT’s activity is on a by-request basis or when areas of need are identified. Failure to conduct proactive outreach limits the ability to evaluate the needs of the entities in its purview and effectively prevent cyberattacks.

Officials said that they did not do surveys or collect data to see how many of the entities it covers have undertaken their own training. Without clear goals and documentation of security needs and progress officials cannot be assured their work is achieving the desired outcomes, if it is focused where public entities most need help, and if its limited resources are being used to the greatest benefit of the entities it was created to support.

DiNapoli offered several recommendations, including that DHSES:

Develop specific, measurable objectives and quantifiable, attainable goals, along with associated reporting mechanisms, to allow CIRT to evaluate if it is achieving its mission.

Take steps to determine the cybersecurity needs of the agencies, local governments, and public authorities CIRT is charged with supporting.

DHSES generally disagreed with the audit’s recommendations. CIRT officials stated that it has developed a sound and effective cybersecurity program that delivers valuable services to the entities they support. The agency’s full response is included in the audit.

Click HERE to access the Cyber Incident Response Team Report 2020-S-58.

New York State needs to improve cybersecurity support to local governments and public authorities

In a letter dated November 12, 2021, New York State Comptroller Thomas P. DiNapoli advised the New York State's Division of Homeland Security and Emergency Services [DHSE] that his audit of its operation indicates that DHSES cannot assure the critical cybersecurity support they are providing to state agencies, local governments, and public authorities through their Cyber Incident Response Team [CIRT] to achieve the desired outcomes or is targeting the appropriate customers and their needs.

Essentially, the audit reports that the agency responsible for providing cybersecurity help to 2,800 public entities responds to attacks lacks strategies for preventing them.

“New York’s Cyber Incident Response Team plays a vital role in safeguarding our infrastructure and critical data against cybersecurity threats,” DiNapoli said. “There are a lack of forward-thinking strategies, widespread training, and specific and measurable objectives that are critical in assessing progress. Additionally, the agency needs to be more proactive. As cybersecurity attacks continue to rise, I encourage the state’s Division of Homeland Security and Emergency Services to take quick action on this urgent issue.”

The recent passage of the federal Infrastructure Investment and Jobs Act underscores how critical strengthening cybersecurity is across New York. The legislation will provide much needed funding for local governments to modernize and protect their networks against future cyberattacks. In New York, cyberattacks have impacted public entities large and small, including reported attacks at state agencies; 911 systems; counties including Albany, Chenango, Erie, Nassau, Schenectady and Schuyler; cities including New York, Buffalo, Yonkers, Long Beach and Olean; towns including Brookhaven, Ulster, Canandaigua and Moreau; as well as school districts like Buffalo Public Schools and Guilderland Central School District.

Cyberattacks pose a fiscal risk and can have significant impacts on the public when they target public authorities and local governments, including water systems, utilities, airports, schools and health care facilities. For example, a 2019 ransomware cyberattack on the City of Albany cost the city roughly $300,000 because of destroyed servers, the cost to upgrade user security software, the purchase of firewall insurance and the performance of other improvements to firm up the city’s systems.

Cybercrimes, including phishing remain on a troubling rise and reach far beyond New York. Between 2019 and 2020, complaints of cyberattacks increased by 110%, from 114,702 in 2019 to 241,342 in 2020, according to the Federal Bureau of Investigation.

The rise in cybercrimes across our state highlight how vulnerable local governments are and presents CIRT with an opportunity to implement solutions ahead of future attacks. Between May 2018 and December 2020, CIRT responded to 122 cyberattacks statewide, including 39 phishing incidents, 23 ransomware attacks and incidents of compromised accounts.

Although it is responding to incidents, CIRT has not made enough progress when it comes to proactively evaluating the cybersecurity needs of the agencies it assists and measuring its progress in improving security. Its activities have only reached a fraction of the 2,800 entities it is responsible for. For example, despite acknowledging the need for specific training on how to detect phishing and prevent ransomware attacks, CIRT only provided five training sessions on phishing emails between July 2020 and March 2021.

Between August 2019 and December 2020, CIRT conducted just 11 risk assessments at counties and other local government entities, upon request by those entities. It also held or participated in 32 training sessions and 13 tabletop exercises, which stimulate discussion of various issues regarding a hypothetical situation, for county Boards of Elections, critical infrastructure, and transportation authorities to test whether they were prepared for a cyber incident emergency. 

DiNapoli’s audit also noted that most of CIRT’s activity is on a by-request basis or when areas of need are identified. Failure to conduct proactive outreach limits the ability to evaluate the needs of the entities in its purview and effectively prevent cyberattacks.

Officials said that they did not do surveys or collect data to see how many of the entities it covers have undertaken their own training. Without clear goals and documentation of security needs and progress officials cannot be assured their work is achieving the desired outcomes, if it is focused where public entities most need help, and if its limited resources are being used to the greatest benefit of the entities it was created to support.

DiNapoli offered several recommendations, including that DHSES:

Develop specific, measurable objectives and quantifiable, attainable goals, along with associated reporting mechanisms, to allow CIRT to evaluate if it is achieving its mission.

Take steps to determine the cybersecurity needs of the agencies, local governments, and public authorities CIRT is charged with supporting.

DHSES generally disagreed with the audit’s recommendations. CIRT officials stated that it has developed a sound and effective cybersecurity program that delivers valuable services to the entities they support. The agency’s full response is included in the audit.

Click HERE to access the Cyber Incident Response Team Report 2020-S-58.