Data leak compromised Washington residents who filed unemployment claims

The legal claims are increasing over the unemployment-data breach involving Washington State Auditor Pat McCarthy’s office.

The Office of the Washington State Auditor is investigating a data breach incident which has compromised the personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. According to the State Auditor’s office, the data leak happened on December 25.

Pat McCarthy’s team blamed the breach on a third party software provider named Accellion. In mid January, Accellion told SAO that the incident might have allowed unauthorized access to information stored in Accellion’s servers. This incident could have exposed the sensitive data of Washingtonians

“I want to be clear: This was an attack on a third-party service provider,” McCarthy added. “The Employment Security Department did nothing to cause this, and is not responsible in any way for this incident.”

Who is affected by this data breach?

The data breach affects anyone who filed for unemployment in Washington between Jan. 1 and Dec. 10, 2020, the auditor’s office said.

The information leaked may have included personal information of people who filed for unemployment claims from Jan. 1 to Dec. 10, 2020. SAO was reviewing all claims data as part of an audit of that fraud incident. The personal information may include name, social security number and/or driver’s license or state identification number, bank information, and place of employment.

Such data “is highly coveted and valuable” on the black market, where criminals sell stolen consumer information, “exposing consumers to identity theft and fraud for years to come,” the lawsuit alleges.

Lawsuit against Accelion

A Seattle law firm has filed a lawsuit against Accellion, on behalf of Jason Stahl, a Seattle man who filed for unemployment last year. The lawsuit, which seeks class-action status on behalf of more than 1.6 million people whose personal information was compromised, was filed in King County Superior Court.

The civil complaint accuses Accellion of negligence and of violating Washington’s Consumer Protection Act due to the breach of its file-transfer service, known as FTA, which the auditor’s office had relied on.

As a result of the breach, Stahl and other Washington residents “have suffered actual damages, and are at imminent risk of future harm, including identity theft and fraud that would result in monetary loss.”

The state auditor’s office, which paid $17,000 a year for Accellion’s FTA service, was not named as a defendant in the lawsuit.