The accessed information is said to have contained personal details of Washington state residents who filed unemployment insurance claims in 2020, as well as other data from local governments and state agencies.
The exact information that may have been compromised include:
- Full name
- Social security number
- Driver's license
- State identification number
- Bank account number and bank routing number, and
- Place of employment
The unauthorized access incident is believed to have occurred in late December of last year, although it appears the full scope of the intrusion wasn't made aware until Accellion disclosed earlier this month that its file transfer application was the "target of a sophisticated cyberattack."
The Palo Alto-based cloud solutions company said on January 11 that it was made aware of a vulnerability in its legacy FTA software in mid-December, following which it claimed it addressed the issue and released a patch "within 72 hours" to the less than 50 customers affected.
Accellion also said it's contracting with an "industry-leading cybersecurity forensics firm" to investigate the incident.
Given that the compromised information can be abused to carry out identity theft or fraud, the SAO said it's in the process of arranging measures to protect the identities of those whose information may have been contained within SAO's files.
In the meanwhile, the agency recommends reviewing account statements and credit reports, notifying financial institutions of any suspicious activity, and reporting any suspected incidents of identity theft to law enforcement.It's worth noting that Accellion's FTA software was used as an attack vector to strike two other organizations, including the Australian Securities and Investments Commission (ASIC) and the Reserve Bank of New Zealand (RBNZ), in recent weeks.
Found this article interesting? Follow THN on , Twitter and LinkedIn to read more exclusive content we post.