Hackers Steal Data Of 1.6 Million WA Unemployment Applicants

OLYMPIA, WA — The Office of the Washington State Auditor confirms that a data broach may have exposed the data of the more than one million Washingtonians who applied for unemployment last year.

The news is the latest development in a long debacle for Washington state's unemployment system — one which began during the massive spike in unemployment at the start of the pandemic. As thousands of Washingtonians lost their jobs last spring and started filing for unemployment, scammers saw an opportunity. They filed an estimated 122,000 "known or probable" fraudulent claims with Washington's Employment Security Department (ESD) which ended up paying the scammers a combined $600 million.

The theft was discovered shortly afterwards, and the ESD has since reworked their vetting process for new claims and recovered $250 million of the stolen money.

To learn more about how those scammers slipped through the cracks, the State Auditor was tasked with investigating the ESD — which is why the auditor's office had the unemployment data that hackers have now stolen.

According to the SAO, the breach is partially the fault of Accellion, a third party provider the office had been using to transfer files. Hackers reportedly used a software vulnerability to access files that were being transferred by Accellion's service sometime in late December.

The exact scope of the breach is unknown, but as many as 1.6 million unemployment applicants may have had their data exposed, according to the Seattle Times. The breach may also have included other Washington residents whose data was being reviewed by the SAO as part of other investigations.

The exposed data likely includes: the claimant's name, social security number, driver's license or state identification number, workplace and bank account or bank routing numbers.

In response to the breach, the SAO says it is preparing several resources to help any individuals whose data was stolen in the breach, which they say will be released as soon as possible. They have also set up a website providing resources for victims at: sao.wa.gov/breach2021/.

In the meantime, Washingtonians who are concerned that their data may have been compromised by the breach should double-check their bank account statements and credit reports for any suspicious activity, and may want to consider a credit freeze or placing a fraud alert on their credit reports.