Now WA Unemployment Filers Hit with Data Breach–ID Exposed?
According to the Washington State Auditor's Office, the suspected hack of a third party vendor used by the Auditor and Employment Security may have exposed the personal information of some 1.6 million Washington residents.
Auditor Pat McCarthy said in December, a third party vendor, Accellion, reported it had sustained a security breach in it's systems. McCarthy says the Auditor's office and ESD use Accellion services to help transmit files. According to a statement from the State Auditor's Office (SAO):
"SAO subsequently learned that the incident allowed unauthorized access to records stored temporarily in Accellion’s system during the file transfer process.
Based on investigations to date, the security incident happened on Dec. 25, when unauthorized access to numerous files held on the service provider’s system occurred. SAO’s use of this system ended on Dec. 31 for reasons unrelated to the incident. SAO first learned of the incident on Jan. 12, and immediately took action to determine what files might have been accessed by outside actors."
The people who could be affected are ones who filed for unemployment between January and December 2020, and also people whose identities were stolen in the Nigerian ESD scam could be compromised.
This new information comes on the heels of the Nigerian scam that cost the state hundreds of millions of dollars, and affected some 390,000 residents who were trying to file for unemployment. The State Auditor's office learned through investigations that ESD relaxed too many security protocols in trying to process claims quickly; so fast that most fraud prevention tools and precautions were turned off.
Suzy Levine, ESD Director, was not fired after the breach by Gov. Inslee, rather, she is leaving to take a similar position with the Biden Administration.
A variety of state and national law enforcement, security and cyber crime experts are investigating the breach and incident.
The Auditor's office stressed this was an attack on a third-party vendor and not the fault of ESD. Again, the breach occurred with a company used by the state to help transmit files and data.
To read the Auditor's official statement, click on the button below.