State Auditor: Data Breach Compromised Info Of 1.6 Million Washingtonians Seeking Unemployment


A data breach may have exposed the personal information of 1.6 million residents who filed for unemployment last year, as well as other information from state agencies and local governments, Washington state Auditor Pat McCarthy said Monday.

The breach involved third-party software used by the auditor’s office to transmit files. It came as the Auditor’s Office is investigating how the state Employment Security Department lost hundreds of millions of dollars to fraudsters, including a Nigerian crime ring, who rushed to cash in on sweetened pandemic-related benefits by filing fake unemployment claims.

“I know this is one more worry for Washingtonians who have already faced unemployment in a year scarred by both job loss and a pandemic,” McCarthy said in a news release. “I am sorry to share this news and add to their burdens.”

Commissioner Suzi LeVine addressed unemployment claim processing delays during a media teleconference Thursday. CREDIT: WA ESD via Zoom

Former Washington state Employment Security Department Commissioner Suzi LeVine, who stepped down to take a job in the Biden administration, addressed unemployment claim processing delays during a media teleconference earlier in 2020. CREDIT: WA ESD via Zoom

The software vendor, Accellion, appears to have been attacked Dec. 25, McCarthy said. The state learned about it Jan. 12, after Accellion made a general announcement regarding a security breach, but it wasn’t until recent days that the Auditor’s Office learned what files might have been accessed, McCarthy said.

Those potentially affected include people who filed for unemployment benefits between Jan. 1 and Dec. 10, 2020. That includes many state workers as well as people who had fake unemployment claims submitted on their behalf.

The data includes names, Social Security numbers, driver’s license numbers, bank information and place of employment. The Auditor’s Office says it is working with state cybersecurity officials, law enforcement and others to try to mitigate the damage.

Also potentially affected was personal information held by the Department of Children, Youth and Families, and non-personal financial and other data from local governments and state agencies.

The Auditor’s Office stopped using Accellion’s services Dec. 31 for reasons unrelated to the attack, McCarthy said.

Copyright 2021 Associated Press