Washington State Auditor Pat McCarthy. (Photo of the state examiner)
The Washington State Auditor’s office is investigating a security incident that compromised the personal information of more than 1.6 million people who filed for unemployment in the state in 2020.
State Auditor Pat McCarthy blamed a third-party software provider called Accellion, whose services are used to transfer computer files.
“I know this is another concern for Washingtoners who have been hit by unemployment and a pandemic for a year,” McCarthy said in a press release Monday. “That is totally unacceptable. We are frustrated and are trying to do everything possible to reduce the damage caused by this crime.”
The Seattle Times found that the compromised data was collected as part of the auditor’s investigation into how the State Department of Labor Protection (ESD) lost $600 million to fraudulent jobless claims.
“I want to be clear: this was an attack on a third party,” added McCarthy. “The occupational safety department did nothing to cause this and is in no way responsible for this incident.”
The State Auditor’s Office (SAO) said the incident occurred on December 25th, when numerous files on the service provider’s system were accessed without authorization.
According to the SAO, the following data may be affected:
- Personal data of individuals who submitted claims for unemployment benefits between January 1 and December 10, 2020. In addition to members of the general public, this group includes many civil servants as well as people whose identities were used to fraudulently file claims in early 2020. The SAO reviewed all claims data as part of an investigation into this fraud incident. The data spans approximately 1.6 million claims and includes the person’s name, social security number and/or driver’s license or state identification number, banking information, and job.
- Personal data of a smaller number of people, including data from the Ministry of Children, Young People and Families.
- Non-personally identifiable financial and other information from local governments and government agencies.
An Accellion representative told The Times that the breach involved a 20-year-old “legacy product” that the company had encouraged customers to stop using. Accellion’s chief marketing officer, Joel York, reportedly said Accellion had been encouraging users to upgrade to a newer product, which the auditor’s office did after the data breach.
The SAO said it is working closely with state cybersecurity officials; law enforcement; the employment security division; the children, adolescents and families division; and legal advisors.
The agency has a website dedicated to the incident with more information for those concerned about possible identity theft.