COVID UI Fraud Still Being Prosecuted in 2026: Illinois Tax Preparer Convicted in $11M Scheme

The Fraud That Won’t Go Away

Most Americans have moved on from the emergency COVID-19 relief programs that defined 2020 and 2021. The $600-a-week federal supplements are a memory. The CARES Act is a line in history books. But in federal courthouses across the country, the reckoning for what happened to that money is very much still ongoing.

On May 13, 2026, the Department of Justice announced a federal jury in the Northern District of Illinois had convicted Hiam Hmaidan, 54, of Orland Park, Illinois, on one count of conspiracy to commit mail fraud and five counts of mail fraud. Her crime: using her position as a tax preparer to file nearly 700 fraudulent unemployment insurance claims under her clients’ names — without their knowledge — stealing more than $11 million in COVID-19 pandemic relief funds.

She faces up to 20 years in federal prison. Sentencing is set for October 2, 2026.

Her case is not unusual. It is, in 2026, almost routine — and the volume of similar cases still in the pipeline is staggering.

How the Scheme Worked

Hmaidan’s operation was straightforward in its mechanics and devastating in its impact. From May 2020 through December 2022, she and co-conspirators exploited one of the most critical vulnerabilities in the pandemic relief architecture: tax preparers know everything about their clients.

As a tax preparer, Hmaidan had access to her clients’ Social Security numbers, addresses, dates of birth, and employment histories — exactly the personal information needed to file an unemployment insurance claim on someone else’s behalf. She used that access to submit fraudulent claims to COVID-19 unemployment assistance programs, without telling the clients their identities were being used.

The fraudulent benefits were loaded onto government-issued debit cards and mailed either directly to Hmaidan or to addresses she and her co-conspirators controlled. Once the cards arrived, they moved quickly: Hmaidan and her network withdrew approximately $2.8 million in cash from ATMs in the area where they lived, cycling the funds to make them harder to trace.

Nearly 700 false claims. Over $11 million in stolen benefits. Millions withdrawn in cash from neighborhood ATMs. The scheme ran for more than two years.

The Scale of COVID UI Fraud: $100 Billion and Counting

Hmaidan’s case is large by any individual measure, but it represents a fraction of a national fraud catastrophe that is only now being fully tallied.

During the pandemic, Congress authorized an unprecedented expansion of unemployment insurance. Programs like Pandemic Unemployment Assistance (PUA) extended benefits to gig workers, the self-employed, and independent contractors who normally would not qualify for UI — categories that had never been part of the unemployment system and for which state agencies had no verification infrastructure. States were told to pay quickly, prioritize speed, and worry about fraud detection later.

The result was a fraud wave unlike anything the unemployment system had ever seen.

Government oversight bodies now estimate that between $100 billion and $135 billion in pandemic unemployment benefits were lost to fraud. The Department of Labor’s Office of Inspector General has documented that less than 4% of that amount — roughly $5 billion — has been recovered.

To put $100 billion in perspective: it is more than the annual GDP of many countries. It is more than the entire annual budget of most federal agencies. It represents roughly one-third of all pandemic unemployment benefits paid out.

How the Schemes Worked at Scale

While Hmaidan used insider access as a tax preparer, the broader pandemic UI fraud ecosystem employed a range of tactics:

Identity theft at industrial scale. Criminal networks — many operating overseas — purchased stolen identity databases and used them to file thousands of claims simultaneously across multiple states. Some states received more fraudulent claims than legitimate ones in certain weeks.

Synthetic identity fraud. Scammers combined real Social Security numbers with fictitious names and fabricated employment histories to create “synthetic” identities that passed initial screening.

Insider threats. Like Hmaidan, some fraudsters exploited trusted professional positions — tax preparers, payroll processors, HR administrators — to access the personal data of real people and file claims without their knowledge.

Organized crime rings. Federal investigators have identified fraud networks operating across multiple states, coordinating claim submissions, managing debit card delivery logistics, and laundering proceeds through cryptocurrency, cash, and real estate.

Dead people and incarcerated individuals. State systems paid out benefits to deceased individuals and people serving prison sentences — populations with no legitimate claim to unemployment benefits — because verification systems were not updated fast enough to catch the filings.

Why Are Prosecutions Happening Years Later?

A common question: why is the DOJ convicting people in 2026 for crimes committed in 2020 and 2021? The answer involves both legal timelines and congressional action.

Federal fraud investigations take time. Building a mail fraud or wire fraud case requires financial forensics, subpoenas, analysis of debit card transaction records, ATM footage, IP address logs, and witness cooperation. A scheme as complex as Hmaidan’s — involving 700 false claims across multiple accounts — requires investigators to reconstruct hundreds of individual transactions.

The statute of limitations was extended. By early 2025, Congress was in a race against the clock. The standard statute of limitations for many fraud offenses is five years, meaning crimes committed in 2020 would begin expiring in 2025. Congress ultimately extended the statute of limitations for pandemic relief fraud, keeping thousands of additional cases eligible for prosecution.

The case volume is immense. As of early 2025, the DOJ reported 1,648 open, uncharged COVID-19 criminal matters and the Department of Labor’s OIG had logged over 157,000 open UI fraud hotline complaints. More than 2,075 individuals have been charged with UI fraud since March 2020, with over 1,050 search warrants executed. The Hmaidan conviction is one of thousands still being written.

Recent and Parallel Cases

Hmaidan’s conviction is part of a broader 2025–2026 prosecution wave:

• A Georgia man was convicted of $16 million in COVID-19 unemployment fraud using stolen identities obtained through dark web purchases
• Three defendants were sentenced for a $30 million COVID-19 unemployment fraud scheme spanning multiple states
• The DOJ has also pursued coordinated enforcement actions — days where multiple arrests are announced simultaneously across the country

If Your Identity Was Used Without Your Knowledge

One of the most disturbing aspects of pandemic UI fraud is that millions of Americans discovered they were victims only when they tried to file legitimate unemployment claims and were told benefits had already been paid in their name — or when a 1099-G tax form arrived for income they never received.

If you suspect your identity was used to file fraudulent unemployment claims:

1. Report to your state unemployment agency immediately. Every state has a fraud reporting system. Request that the fraudulent account be flagged and report that you did not file the claim.

2. File an identity theft report with the FTC at IdentityTheft.gov. The site walks you through a customized recovery plan, including how to dispute the fraudulent 1099-G with the IRS.

3. Contact the IRS if you received a 1099-G for unemployment benefits you didn’t receive. You can report fraudulent 1099-Gs directly to the IRS and will not owe taxes on income you didn’t actually receive — but you need to document the dispute.

4. Report to the Department of Labor OIG at 1-800-347-3756 or oig.dol.gov. The OIG specifically handles UI fraud complaints.

5. Place a fraud alert or credit freeze. If your Social Security number was used without consent for unemployment fraud, it may have been used or sold for other purposes as well. Contact Equifax, Experian, and TransUnion to place a fraud alert or security freeze on your credit file.

The Long Tail of Pandemic Fraud

The COVID-19 unemployment fraud story will not end in 2026. With over 1,600 uncharged federal cases still open and a new statute of limitations that extends the prosecution window, federal investigators will be working these cases well into the late 2020s.

Hiam Hmaidan’s conviction sends a message to everyone who believed COVID relief fraud was too widespread, too old, or too complex to ever result in prosecution: the DOJ is patient, and the statute clock has been reset. Nearly 700 families in Illinois had their identities weaponized without their consent. Eleven million dollars was stolen from a program designed to help Americans survive a national emergency.

The jury took that seriously. The DOJ intends to keep making similar arguments to juries across the country — for years to come.