The State Auditor’s Office (SAO) of Washington has reported a data security incident that potentially exposed the personal information of over one million individuals. Unauthorized access to data occurred through a system operated by Accellion, a third-party service provider utilized by the SAO for data transfer. The incident is currently under investigation by Accellion, the SAO, and law enforcement agencies.
Those potentially affected include recipients of unemployment benefits from the Washington Employment Security Department from 2017 to 2020, along with certain state employees. The SAO is in the process of identifying the full scope of the breach and will notify individuals whose information may have been compromised. Notifications will be sent between February 25 and March 9 to the email addresses associated with the unemployment insurance accounts.
The breach involved sensitive information such as names, Social Security numbers, dates of birth, residential and email addresses, as well as banking details including account and routing numbers. The breach did not involve employer details or driver’s license numbers.
The SAO has made arrangements for those affected to receive 12 months of complimentary credit monitoring and identity restoration services. These services are being provided through Experian, and affected individuals will receive instructions on how to enroll in these services via the notification email. Further information can be accessed on the SAO’s website by navigating to the section regarding the data incident and selecting the option for credit monitoring and identity theft protection services.
Individuals concerned about the security of their financial information are advised to consult with their respective banking institutions. The Department of Financial Institutions offers guidance on financial rights and securing bank accounts, with additional resources for enhancing security measures.
Those opting to change their direct deposit information due to the incident should coordinate with their agency’s payroll office. Guidance on how to request such changes has been provided by the Office of Financial Management (OFM), but it is important to note that confirmation regarding the inclusion of specific individuals’ data in the breach cannot be provided by the human resource offices or the Employment Security Department.
