State Auditor’s Office data security incident
We recently learned that someone may have gained unauthorized access to personal information for more than 1 million Washingtonians, including many state employees. The data breach involved Accellion, a private software service provider the State Auditor’s Office was using to transfer data. Accellion, the Auditor’s Office and law enforcement are investigating the incident.
Who was affected by the data breach? When will I be notified if my information was exposed during the breach?
The Auditor’s Office and law enforcement are still working to determine the full extent of the data breach. This much is known: The breach included information for anyone who received unemployment benefits from the Employment Security Department between 2017 and 2020.
If your information was included in the data breach, you will be notified directly by the Auditor's Office via the email address associated with your unemployment insurance account, between February 25 and March 9.
What type of information was compromised?
The data files that were exposed in the security breach included unemployment compensation claim information including the person’s name, social security number, date of birth, street and email addresses, bank account number and bank routing number. The information did not include employer names or driver’s licenses.
If my data was affected, will I be provided credit monitoring?
Yes. The Auditor’s Office has arranged for 12 months of credit monitoring and identity restoration services at no cost for people whose data may have been affected. The Auditor's Office has contracted with Experian for this service and will include instructions in the notification email. More information about credit monitoring is available on the State Auditor's Office website (select "Legal notice about the data incident" then the tab "Offer of free credit monitoring/Identity theft protection services".)
Do I need to change my bank account?
That is a decision you need to make. You may want to consult with your bank or financial institution. The Department of Financial Institutions has posted helpful information related to your rights and responsibilities regarding unauthorized access and use of funds, in addition to suggestions on how to make your financial institution account more secure. That page also includes links to information from banks and credit unions.
If you are considering changing your direct deposit information you will need to work with your agency’s payroll office. OFM has published guidance on how to request this change. It’s important to note that neither your human resource office nor the Employment Security Department can confirm whether your information was included in this breach.
Where can I find more information?
The State Auditor’s Office has created a web page where it has posted more detail about the security incident and links to additional advice and resources for protecting your identity and your credit. That web page will be updated regularly with the latest information.
If you have any questions, call the Auditor's Office dedicated call center at 1-855-789-0673 Monday – Friday 8 a.m. – 5 p.m. Pacific Time.
Why are you telling me to go to the Auditor’s Office website for more information?
The Auditor’s Office was the custodian of that data and is responsible for coordinating with law enforcement, providing notifications as required by law and providing credit monitoring and other services that may be offered free of charge to those whose data was part of the breach.
Again, the data breach involved a third-party vendor the Auditor’s Office was using to transfer data as part of regular audit work. The Employment Security Department played no part in this breach, and no state IT systems were breached.