Data breach compromises personal information of 1.6 MILLION Americans who sought unemployment - putting their Social Security numbers, driver's license and bank details all at risk
A data breach may have exposed the personal information of 1.6 million Washington state residents who filed for unemployment last year, officials said Monday.
The hack involved third-party software used to transmit files and involves names, Social Security numbers, driver's license numbers, bank information and place of employment, state auditor Pat McCarthy said.
It came as the Auditor's Office is investigating how the state Employment Security Department lost hundreds of millions of dollars to fraudsters, including a Nigerian crime ring, who rushed to cash in on sweetened pandemic-related benefits by filing fake unemployment claims.
'I know this is one more worry for Washingtonians who have already faced unemployment in a year scarred by both job loss and a pandemic,' McCarthy said in a news release. 'I am sorry to share this news and add to their burdens.'
Those potentially affected include people who filed for unemployment benefits between January 1 and December 10, 2020.
That includes many state workers as well as people who had fake unemployment claims submitted on their behalf.
A data breach may have exposed the personal information of 1.6 million Washington state residents who filed for unemployment last year, officials said Monday. In this May 16 file photo workers fill out job applications during a walk- and drive-up job fair in Seattle
The hack involved third-party software used by the auditor's office to transmit files and involves names, Social Security numbers, driver's license numbers, bank information and place of employment, state auditor Pat McCarthy said
The software vendor, Accellion, appears to have been attacked December 25, McCarthy said.
The state learned about it January 12, after Accellion made a general announcement regarding a security breach.
It wasn't until recent days that the Auditor's Office learned what files might have been accessed, McCarthy said.
The Auditor's Office says it is working with state cybersecurity officials, law enforcement and others to try to mitigate the damage.
Also potentially affected was personal information held by the Department of Children, Youth and Families, and non-personal financial and other data from local governments and state agencies.
State auditor Pat McCarthy announced the breach on Monday
The Auditor's Office stopped using Accellion's services December 31 for reasons unrelated to the attack, McCarthy said.
She added: 'I want to be clear: This was an attack on a third-party service provider. The Employment Security Department did nothing to cause this, and is not responsible in any way for this incident.'
Joel York, Accellion's chief marketing officer, told The Seattle Times the product used 'just wasn't designed for these types of threats'.
Gov. Jay Inslee is said to have spoken with McCarthy's office 'and expressed his deep concern about the data that was exposed by their third party vendor'.
A spokesman added: 'As a separately elected statewide official, we understand that they are taking responsibility for this and doing everything they can do address it.'
