[BreachExchange] Data breach compromised info of 1.6M in Washington who sought unemploymentTrending

[Destry Winant]

https://www.columbian.com/news/2021/feb/01/data-breach-compromised-info-of-1-6m-in-washington-who-sought-unemployment/

SEATTLE — A data breach may have exposed the personal information of
1.6 million residents who filed for unemployment last year, as well as
other information from state agencies and local governments,
Washington state Auditor Pat McCarthy said Monday.

The breach involved third-party software used by the auditor’s office
to transmit files. It came as the Auditor’s Office is investigating
how the state Employment Security Department lost hundreds of millions
of dollars to fraudsters, including a Nigerian crime ring, who rushed
to cash in on sweetened pandemic-related benefits by filing fake
unemployment claims.

“I know this is one more worry for Washingtonians who have already
faced unemployment in a year scarred by both job loss and a pandemic,”
McCarthy said in a news release. “I am sorry to share this news and
add to their burdens.”

The software vendor, Accellion, appears to have been attacked Dec. 25,
McCarthy said. The state learned about it Jan. 12, after Accellion
made a general announcement regarding a security breach, but it wasn’t
until recent days that the Auditor’s Office learned what files might
have been accessed, McCarthy said.

Those potentially affected include people who filed for unemployment
benefits between Jan. 1 and Dec. 10, 2020. That includes many state
workers as well as people who had fake unemployment claims submitted
on their behalf.

The data includes names, Social Security numbers, driver’s license
numbers, bank information and place of employment. The Auditor’s
Office says it is working with state cybersecurity officials, law
enforcement and others to try to mitigate the damage.

Also potentially affected was personal information held by the
Department of Children, Youth and Families, and non-personal financial
and other data from local governments and state agencies.

The Auditor’s Office stopped using Accellion’s services Dec. 31 for
reasons unrelated to the attack, McCarthy said.