Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:57C74FC8B636FFF6AAF707331F8FEDFB
HistoryFeb 02, 2021 - 10:28 a.m.

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

2021-02-0210:28:00
The Hacker News
thehackernews.com
61
JSON

The Office of the Washington State Auditor (SAO) on Monday said it’s investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020.

The SAO blamed the breach on a software vulnerability in Accellion’s File Transfer Appliance (FTA) service, which allows organizations to share sensitive documents with users outside their organization securely.

“During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file transfer service,” the SAO said in a statement.

The accessed information is said to have contained personal details of Washington state residents who filed unemployment insurance claims in 2020, as well as other data from local governments and state agencies.

The exact information that may have been compromised include:

  • Full name
  • Social security number
  • Driver’s license
  • State identification number
  • Bank account number and bank routing number, and
  • Place of employment

The unauthorized access incident is believed to have occurred in late December of last year, although it appears the full scope of the intrusion wasn’t made aware until Accellion disclosed earlier this month that its file transfer application was the “target of a sophisticated cyberattack.”

The Palo Alto-based cloud solutions company said on January 11 that it was made aware of a vulnerability in its legacy FTA software in mid-December, following which it claimed it addressed the issue and released a patch “within 72 hours” to the less than 50 customers affected.

Accellion also said it’s contracting with an “industry-leading cybersecurity forensics firm” to investigate the incident.

Given that the compromised information can be abused to carry out identity theft or fraud, the SAO said it’s in the process of arranging measures to protect the identities of those whose information may have been contained within SAO’s files.

In the meanwhile, the agency recommends reviewing account statements and credit reports, notifying financial institutions of any suspicious activity, and reporting any suspected incidents of identity theft to law enforcement.

It’s worth noting that Accellion’s FTA software was used as an attack vector to strike two other organizations, including the Australian Securities and Investments Commission (ASIC) and the Reserve Bank of New Zealand (RBNZ), in recent weeks.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

JSON