The Office of the Washington State Auditor (SAO) has experienced a data breach which has resulted in the exposure of 1.6 million employment claims, and the sensitive personal information that they contain.
The Washington SAO revealed that a threat actor had exploited a vulnerability in Accellion, a secure file transfer service that helps organisations share sensitive documents with outside users in a secure way. The breach has unfortunately exposed data files from the Employment Security Department (ESD) which contain highly sensitive personal information of millions of Washington residents.
They SAO have release a statement that says, “SAO is advised that an unauthorized person was able to exploit a software vulnerability in Accellion’s file transfer service and gain access to files that were being transferred using Accellion’s service. Accellion stated that they believe the unauthorized access occurred in late December of 2020.”
The statement continued to say that “other customers of this Accellion service were similarly impacted. SAO is currently seeking a full understanding of the timeline of the incident and the status of Accellion’s investigation and the investigation by law enforcement. At this time, SAO does not have enough information to draw conclusions about the timing or full scope of what took place.”