WA Unemployment hacked

[clearconscience]

This angers me.
System was hacked Dec25, State doesn't find out until Jan 12th, and we find out today?!

Names, SSN, Bank info, and employment

Thanks a lot WA like you haven't screwed enough up

Data breach exposed private info of 1.6 million who sought unemployment benefits in Washington

The breach came as the Auditor’s Office investigates how the state Employment Security Department lost hundreds of millions of dollars to fraudsters.

www.oregonlive.com

Read More

 

[albin25]

Even scarier.?......
.....Biden has recently hired the idiot in charge and now she's not just your problem, now she's going to be everyone's problem.

 

[Alexx1401]

Nice to see my taxes are still working for me

 

[Nosferatu]

bubblegumming hell. I was on UI for six months.

 

[Alexx1401]

bubblegumming hell. I was on UI for six months.

If you do not currently use some form of credit monitoring you should sign up for one. Many of them are free. The free ones of course may not be as robust as the pay versions but, better than nothing. Wife got her ID stolen when we moved. I kept telling her the monitoring we get free from one bank kept saying there was something going on. She kept ignoring me until she got a couple letters from one of the big banks that someone had opened a couple checking accounts in her name and taken the bank for a ride. Then she started checking and found someone was having all kinds of fun with her info. Took a good while to get it all knocked down.

 

[clearconscience]

here's a link to the breach info at the bottom is a link for free credit reporting

About the Accellion data security breach - Office of the Washington State Auditor

This page is also available in these languages: ኣማርኛ – Amharic | العربية – Arabic | Khmer (ភាសាខ្មែរ) – Cambodian | 简体中文 – simplified Chinese | (fārsī) فارسى – Farsi (Persian) | 한국어 [韓國語] […]

sao.wa.gov

 

[Nosferatu]

If you do not currently use some form of credit monitoring you should sign up for one. Many of them are free. The free ones of course may not be as robust as the pay versions but, better than nothing. Wife got her ID stolen when we moved. I kept telling her the monitoring we get free from one bank kept saying there was something going on. She kept ignoring me until she got a couple letters from one of the big banks that someone had opened a couple checking accounts in her name and taken the bank for a ride. Then she started checking and found someone was having all kinds of fun with her info. Took a good while to get it all knocked down.

Yeah, I was defrauded several years ago and it took 3-4 years to get that taken care of, I've monitored my credit pretty religiously since.

 

[ATCclears]

I do IT, have a software product to help manage IT, and wrote to Inslee and the media after seeing the Office of the Auditor openly say the Department was not responsible.

It is Bravo Sierra (pilot speak). The Department had the relationship with the third-party vendor. Moreover, if one looks to data-protection language such as the GDPR and the concepts of Controller and Producer, the Department is the Controller agency in the relationship and is ultimately accountable for what happens with the data. To paraphrase, they collected the data and used a third party in their IT activities so they do no get a hall pass on accountability.

 

[Flopsweat]

I do IT, have a software product to help manage IT, and wrote to Inslee and the media after seeing the Office of the Auditor openly say the Department was not responsible.

It is Bravo Sierra (pilot speak). The Department had the relationship with the third-party vendor. Moreover, if one looks to data-protection language such as the GDPR and the concepts of Controller and Producer, the Department is the Controller agency in the relationship and is ultimately accountable for what happens with the data. To paraphrase, they collected the data and used a third party in their IT activities so they do no get a hall pass on accountability.

"It's not my fault that I was negligent in selecting a reliable data transfer company for this massive amount of sensitive private data."

 

[Nosferatu]

I do IT, have a software product to help manage IT, and wrote to Inslee and the media after seeing the Office of the Auditor openly say the Department was not responsible.

It is Bravo Sierra (pilot speak). The Department had the relationship with the third-party vendor. Moreover, if one looks to data-protection language such as the GDPR and the concepts of Controller and Producer, the Department is the Controller agency in the relationship and is ultimately accountable for what happens with the data. To paraphrase, they collected the data and used a third party in their IT activities so they do no get a hall pass on accountability.

Yeah, I'm in the same field. I'd like to get a look at the database, how everything was setup and what exactly was taken. These days, there is absolutely no excuse for that data to not be encrypted at rest.

I'm now wondering if I should close the bank account that I was using for the direct deposit of my UI payments. I already keep my credit locked. Luckily my time in this state is short-lived, so I'm not overly worried about my drivers license number.

 

[1371JarHead]

Yup if they were good at a job they wouldn't be working in government we all know that

 

[ATCclears]

@Nosferatu I assume they were using that third-party vendor for an integration with an external party. SFTP, API, dunno. I doubt the data was encrypted at-rest given the vendor's solution was 13 years old...

Did the vendor actually encourage and notify the State to upgrade platforms? Dunno. If the vendor's platform was insecure then did they have a firm retirement date, was the State running in or out of supported mode, etc etc etc.

 

[CountryGent]

From what I've seen of various .gov systems over the years, I am not even remotely surprised.

 

[Bat-S-Crazy]

I heard through the grapevine that it was breached in 3 agencies at the state level....