Growing outrage, calls for accountability after state auditor's hack puts 1.4 million people at risk

Outrage and call for accountability after state auditor’s office hacked

Personal data of 1.4 million exposed in hack

OLYMPIA, Wash. - Anger and calls for accountability are growing louder following the news that more than 1.4 million people in Washington who filed unemployment claims may have had their personal information stolen in a data breach involving the state auditor's office.

Those who filed for unemployment in 2020 are fed up. First, there were delays in their unemployment checks. Then many became the victims of fraud. Now their information has been stolen. They want something done about it.

"It’s egregious. Somebody should be held accountable," said construction worker Jesse Shepard. "This is a critical failure at the bureaucratic level of our state."

When Shepard's work shut down last March, the father of three from Silverdale applied for unemployment. Before he ever received it, he learned he was the victim of unemployment fraud.

Shepard said he's looking to reclaim the lost money as the state removed thousands of dollars from his bank account. It took almost six months before he got his own money back and the original unemployment payments. Now he’s learned almost 1.5 million others in Washington state had personal info may have also been stolen.

"It causes me to lose some faith in our government facilities," Shepard said. "I’ve taken great pains to protect my identity and I’d like to see my state has taken those same pains."

State Auditor Pat McCarthy, a Democrat, announced yesterday that records, including people’s social security numbers and banking information, were exposed while the auditor was, ironically, investigating $600 million in fraudulent unemployment claims.

She blamed the breach on a failure of Accellion, maker of software used by her office.

Accellion has reportedly said the auditor's office was using a 20-year-old software that was outdated, and a software patch or fix could have prevented the breach.

The auditor responded that she had no indication the software was not secure.

During a news conference, she was also pressed on why the state needed to store people’s sensitive information.

"As for transferring information, that’s what we do," McCarthy said.

State Rep. Matt Boehnke, a Republican from Kennewick, said "it is failing."

"We need to stop the failure now with true leadership," he said.

Boehnke works in cyber-security and said Accellion, the software company, only deserves part of the blame.

"It’s also the wherewithal from leadership to make sure we’re accountable or transparent in our actions, that we can be trusted with the people’s work and the people’s data," Boehnke said.

Many of those impacted feel like the responsibility runs all the way to the governor’s office.

Governor Jay Inslee responded through a spokesperson:

"The governor and our staff have spoken to the auditor several times and expressed his deep concern about the data that was exposed by their third party vendor. Pat McCarthy is a separately elected statewide official, and we understand that they are taking responsibility for this and doing everything they can to address it."

For those now scrambling to protect their bank accounts, like Shepard, that’s not enough.

"[Inslee] needs to hold those people accountable that are in a position to oversee those things that are happening," Shepard said. "There needs to be some accountability along the chain of command."

The state auditor has created a webpage with information for those who believe their data has been compromised: Auditor's webpage for help.

It’s not just those who filed employment claims impact by this. The auditor says roughly 25 state agencies and 100 local governments were affected by the Accellion breach.