[BreachExchange] Notices to go out to 1.3 million Washingtonians affected by unemployment data breach

[Destry Winant]

https://www.seattletimes.com/seattle-news/politics/notices-to-go-out-to-1-3-million-washingtonians-affected-by-unemployment-data-breach/

If you filed for unemployment in Washington last year, be sure and
check your inbox in the coming weeks.

State Auditor Pat McCarthy’s office plans to send individual
notifications to an estimated 1.3 million people whose personal
information was exposed in a massive data breach disclosed this month.

The notifications will be sent by email over the next two weeks — and
will include information about identity theft protection and an
individual code for a year of free credit monitoring, the auditor’s
office said in a news release Thursday.

In an email to state lawmakers, McCarthy advised people to check their
inboxes and junk mail folders over the next two weeks, saying all
notifications should arrive by March 9.

The data breach, the result of vulnerabilities in a file-transfer
service sold by California tech company Accellion, exposed detailed
personal information in unemployment claims, including names, Social
Security numbers, dates of birth, street and email addresses and bank
account information.

That type of information is frequently sold by hackers to
cybercriminals, who can use it to steal identities and create other
financial headaches for victims.

The data taken from the state auditor had been gathered for an
investigation of what went wrong last year when the state Employment
Security Department lost hundreds of millions of dollars to fraudulent
unemployment claims.

Accellion’s system was compromised in December, the company has said.
In addition to the Washington state data, multiple companies and
institutions had files exposed, including the Kroger grocery chain,
the University of Colorado and the Jones Day law firm.

Multiple class-action lawsuits have already been filed over the data
breach in Washington and California against Accellion, with one also
naming the auditor’s office.

The breach is under investigation by the auditor’s office and by state
and federal law enforcement agencies.