Data of 1.6 million who filed for unemployment may have been exposed in breach
UPDATE: This story initially said the personal information of 1.6 million people was at risk. The Auditor’s Office clarified Monday that it is data from 1.6 million claims that likely belonged to more more than 1 million people.
The personal information contained in 1.6 million unemployment claims in 2020 may have been exposed in an attack on a third-party service provider used by the Washington State Auditor’s Office, according to a Monday announcement.
The State Auditor’s Office used the third-party provider, Accellion, “for services to transmit files,” according to a press release. The office learned last month that unauthorized access to records temporarily stored in Accellion’s system during file transfers was allowed during a security breach in December, according to the release.
Law enforcement and the Attorney General’s Office have been notified, according to the Auditor’s Office, along with other state agencies and local governments believed to be at risk.
Data the Auditor’s Office believes was affected includes personal information of people who filed for unemployment between Jan. 1 and Dec. 10 of last year. That group includes state employees and people whose identities were used to file fraudulent claims early in 2020.
The office was reviewing claims data as part of an audit of that fraud, which resulted in about $600 million in losses — it included “the person’s name, social security number and/or driver’s license or state identification number, bank information, and place of employment.”
The Auditor’s Office believes a smaller group of people with personal data held by the Department of Children, Youth and Families also are affected, as well as “non-personal financial and other data from local governments and state agencies.”
“I know this is one more worry for Washingtonians who have already faced unemployment in a year scarred by both job loss and a pandemic,” a prepared statement from State Auditor Pat McCarthy reads. “I am sorry to share this news and add to their burdens. This is completely unacceptable. We are frustrated and committed to doing everything we can to mitigate the harm caused by this crime.
“I want to be clear: This was an attack on a third-party service provider. The Employment Security Department did nothing to cause this, and is not responsible in any way for this incident,” McCarthy said.
So far, investigations show that there was unauthorized access to files held by Accellion Dec. 25, according to the Auditor’s Office. An Accellion press release from Jan. 12 states that it had experienced a “security incident regarding one of its legacy products” — a 20-year-old product used for large file transfers.
People with personal information at risk will be notified, and the Auditor’s Office has set up a secured webpage with information on the incident: sao.wa.gov/breach2021
The Auditor has scheduled a virtual press conference to address the breach at 3 p.m. Monday.
This story was originally published February 1, 2021 at 12:33 PM with the headline "Data of 1.6 million who filed for unemployment may have been exposed in breach."
.jpg)