Unemployment data breach is bad, but Pierce County legislator places false blame
Jobless and formerly jobless Washingtonians can’t help but feel a sickening sense of deja vu with this week’s news of a security breach at the state Auditor’s Office. After enduring benefits delays, overpayment notices and other hassles with the state Employment Security Department during the COVID-19 shutdown, they now face the prospect their personal information was stolen for the second time in a year.
Auditor Pat McCarthy vowed Monday that the hack of Social Security numbers, banking information and other data collected by a third-party vendor would be fully investigated. It’s ironic, she said, that at least 1.4 million people were exposed to bad actors while her office was investigating a fraud wave that hit ESD last year.
A cruel irony, at that. Washingtonians caught up in this mess are entitled to feel doubly vulnerable, doubly angry and doubly impatient for accountability. Accellion, the data-sharing software contractor the Auditor’s Office has used for 13 years, has a lot of explaining to do. And McCarthy must own this debacle and fix it immediately.
This time, however, it’s wrong to point fingers at ESD, despite it being everyone’s favorite punching bag.
That’s what a Pierce County legislator did this week by claiming ESD is responsible for “Breach 2021.” Ultimately, he pins blame on the agency’s departing director, Suzi LeVine, and Gov. Jay Inslee, who appointed her.
Rep. Jesse Young, R-Gig Harbor, should be ashamed of the deceptive, inflammatory letter he posted on his legislative webpage Monday. In it, he rants about “the stench” of “blatant indifference” and “sheer incompetence” at the unemployment agency. He concludes by demanding Inslee bring “qualified, competent leadership to ESD, or resign immediately and let the Lt Governor do so.”
Oddly, Young doesn’t even mention the Auditor’s Office and Accellion, as if these central characters don’t exist.
Voters in the 26th Legislative District should demand more from a technology consultant recently elected to his fourth term in the House.
It’s bad enough that Young would try to score political points by misdirecting blame. McCarthy, an independently elected state official and former Pierce County executive who won a second term in November, has reiterated for two days that the security breach has “nothing to do” with ESD.
What’s worse is that Young’s stunt may send potentially compromised Washingtonians to the wrong place for help, returning them to the gauntlet of jammed phone lines at ESD’s overwhelmed claims center.
It’s like yelling “fire” in a crowded theater with a recent history of serious fire hazards, when the flames are actually burning at a different theater down the street.
(For the record, anyone who may be a victim of of the Accellion breach should follow instructions online at https://sao.wa.gov/breach2021/)
In an email exchange Tuesday with the TNT editorial page editor, Young didn’t back off his criticism of ESD, saying it should have “vetted and identified this issue prior to ever engaging this vendor.”
But ESD doesn’t have a contract with Accellion; the Auditor’s office does. So what’s the department supposed to do? Refuse to comply with a series of audits ordered by McCarthy? That certainly won’t help the state get to the bottom of systemic problems in the jobless safety net.
It’s worth noting that House and Senate Republican caucus leaders haven’t endorsed Young’s trumped-up claims. On Tuesday, they commended the Auditor’s office for transparency and didn’t try to shift blame for the hack to ESD. Among them was Rep. Matt Boehnke, a former Army officer with a cybersecurity background.
What they did do, appropriately, was pledge an across-the-board review of Washington government data security, including what private information is collected and how long it’s kept on file.
None of this is meant to excuse ESD for mistakes of the past year, which we’ve squarely addressed in past editorials. The agency buckled under the pandemic-induced pressure of delivering benefits to nearly 1 million people in 2020 and stumbled trying to recover from a $600 million wave of fraudulent claims.
There’s one kernel of truth in Young’s letter: ESD’s failures have had a direct impact on struggling families.
Employment Security officials have plenty of real problems to account for, so why fabricate ones where they don’t exist?