Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims.
The Office of the Washington State Auditor (“SAO”) states that they suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.
"SAO is advised that an unauthorized person was able to exploit a software vulnerability in Accellion’s file transfer service and gain access to files that were being transferred using Accellion’s service. Accellion stated that they believe the unauthorized access occurred in late December of 2020."
"Other customers of this Accellion service were similarly impacted. SAO is currently seeking a full understanding of the timeline of the incident and the status of Accellion’s investigation and the investigation by law enforcement. At this time, SAO does not have enough information to draw conclusions about the timing or full scope of what took place."
It was not until the week of January 25, 2021, that Accellion confirmed to SAO that SAO files were subject to this attack and provided the information needed for SAO to begin to identify which data files were impacted and individuals whose personal information is in those files," SAO stated in a security breach notification posted to their website.
The exposed claims were in data files from the Employment Security Department (ESD) and contain sensitive personal information of Washington residents.
In addition to unemployment claims, the breach exposed files from some Washington local governments and other state agencies were also affected.
The SAO is still investigating what information is contained in these files.
Full article on https://www.bleepingcomputer.com/news/security/data-breach-exposes-16-million-washington-unemployment-claims/
#databreach #usa #washington #claims #yokdata #blog