Critical Response
+1 800 604 4810
Article

Accellion Breach in WA State Debriefing from CI Security

Michael K Hamilton

The CISO
Back to the News Desk

The Accellion attack is one of the most significant breaches in the past decade, with data on 1.4 million WA State residents who claimed unemployment in 2020 now exposed via third-party software attack.

The story continues to develop quickly as more details emerge about how Accellion, a third-party provider to WA State, was used to hack into a file transfer system used by the State Auditor’s Office. This event is also of particular importance to local governments in Washington State.

On February 3, 2021, CI Security CISO Michael Hamilton, EVP of Professional Services Fred Langston, and Deputy CISO John-Luke Peck held an urgent panel discussion covering what is known to-date about the security breach, new details on the incident, open questions, and advice on what actions impacted organizations can take immediately. Watch the video to see the event's replay.

 

What Is Known To-Date about the Accellion Breach

On Tuesday, February 2, 2021, the WA State Auditor's office stated the personal data of residents filing unemployment claims, including names, Social Security numbers, banking information, and other details, were breached stemming from an attack on Accellion, the state auditor’s vendor to transfer large files. WA State residents filing for unemployment benefits with the state between Jan. 1 to Dec. 10, 2020, were impacted by the breach. 

A vulnerability was identified and communicated on or about December 25, 2020 by Accellion, and a patch was available approximately one week thereafter. Before the State’s system could be patched or upgraded to a newer version of the product, the vulnerability was exploited by an actor to obtain unauthorized access, and this was confirmed on or about January 28th, 2021.

Along with the unemployment records, a great deal of information regarding ongoing audits and examinations with local governments were available to the actor, and we are aware of anecdotal confirmation of unauthorized access to those records as well. These records may include details that can be used in cyberattack targeting, business email compromise, or further risk of financial fraud.

 

What Should Impacted Local Governments Do Now?

In addition to monitoring state communication on the issue, local governments can take steps to minimize risk to information technology and limit liability. Prioritize patches and upgrades for any technology details exposed , train key staff on business email compromise avoidance, contract a service to search the dark web for your records, and more. Watch the video linked above to get the rest of the recommendations.

 

If you have questions, contact the Critical Insight Cybersecurity Response team.