The Washington state government has suffered a major data breach involving unemployment claims, potentially exposing data on more than 1.6 million people, officials admitted on Monday.
It appears that the data was compromised through Accellion, a third-party vendor contracting with the state auditor’s office. In mid-December, the company suffered a cyber attack that exploited a zero-day vulnerability in its legacy file transfer application.
The data exposed is quite sensitive, and includes name, bank account and routing information, social security number, place of employment and driver’s license number.
All this happened, ironically, while the auditor’s office was trying to conduct a thorough investigation of the state’s ongoing problems with unemployment fraud, some of which have been linked to notorious cyber actors such as the Nigerian threat group Scattered Canary. The SAO was using Accellion’s file transfer software, and the data affected was unemployment claims filed in Washington over the past year, the auditor’s office said on Monday:
The SAO was reviewing all claims data as part of an audit of that fraud incident. The data includes approximately 1.6 million claims and includes a person’s name, social security number and / or driver’s license or state identification number, bank information and place of employment.
The SAO’s office said they were only recently informed of the full extent of the breach, as the attack occurred on 25 December and their office was not informed about it until 12 January. This was after Accellion’s announcement of the hack. The office further commented that they wanted a “complete understanding of the timeline of the incident and the state of Accellion’s investigation and the investigation by law enforcement” and said that they currently do not have enough information to draw conclusions about “the time or the full scope of what happened.”
Accellion claims that it fixed the defect within 72 hours of being made aware of it, but that the initial security incident was just “the beginning of a concrete cyber attack on the FTA product” that continued into January. The company later “identified additional exploits in the coming weeks and released patches to rapidly develop and close each vulnerability,” it said.
Other major institutions have also been affected by this attack, including the large Australian law firm Allens and the Reserve Bank of New Zealand.
Accellion has announced that it is moving forward with an “industry-leading cyber security forensics firm” to assess how the attack occurred. It promises to share the findings of the report when it becomes available.
Updated, 02/01/2021 at 9:20 pm: The original story misstated the number of people who were potentially affected and has since been fixed.