An ongoing hack on the state of Washington’s unemployment system left millions with their personal information exposed. When filing for unemployment from a job loss the least of your concerns should be whether or not your personal information will be
April 6, 2021
An ongoing hack on the state of Washington’s unemployment system left millions with their personal information exposed. When filing for unemployment from a job loss the least of your concerns should be whether or not your personal information will be exposed to hackers.
On January 12th “SAO [Washington State Auditor’s Office] received a general alert from Accellion directed to the users of its Kiteworks platform regarding a potential security incident with the Accellion file transfer appliance that SAO was no longer using.” The next day the Washington State Auditor’s Office “notified WaTech and engaged in extensive communications with Accellion to find out which files in transit to or from SAO may have been affected.” This breach left many at the SAO concerned.
It was not until later, the week of January 25, 2021, that the Washington State Auditor’s Office “determined that some of the data in the affected SAO files identified by Accellion contained personal information of people who received unemployment benefits from the Employment Security Department (“ESD”).” Finally, almost a month later, the Washington State Auditor’s Office announces on February 1st the hack to the public.
Personal information from unemployment claims available to hackers during the breach included information like full legal name, social security number, driver’s license, state identification number, bank account number, bank routing number, and former place of employment, according to the Washington State Auditor’s Office.
Almost two weeks later, on February 12th the Washington State Auditor’s Office notified the Attorney General (Which was later supplemented on February 26th).
Finally, on February 25th Washington State Auditor’s Office “set up a call center where people can ask questions and get information about obtaining help related to the incident, and began sending emails to people whose information was in the unemployment benefits data file. ”Many watchdogs were shocked that the ongoing hack took nearly 2 months to receive a final solution, all while millions of unemployment claims were left exposed in the data breach.
A shocking revelation released in a letter from Pat McCarthy, Washington State Auditor, stated that “We are in the process of sending emails to people who received unemployment benefits from the State of Washington between 2017 and 2020 that their information was involved in the security incident and offering resources to help them.” This meant that not only were recent unemployment claims accessed but also unemployment claims up to 4 years ago.
Synergy Infosec is here to help with any data breaches big or small. If you or your employees have been the victim of a data breach like the one involving Washington State unemployment claims, reach out to our dedicated cybersecurity consultants.
The first thing any company should think of is protecting their business. Our cybersecurity scanners and tools will protect your business product, so you can focus on conquering the market and leaving your competitors far behind!
Sign up to receive our security newsletters