top of page

WA Employees: What You Need to Know About Recent Data Breach

What you need to know

The Office of the Washington State Auditor (SAO) used the online services company Accellion to transfer data. A security incident at Accellion may have allowed unauthorized access to data being used by SAO. Navigate this page using the links below to learn about the incident, what you can do to protect your data, and about our next steps.

What you can do if you are concerned you are affected

SAO is working swiftly to mitigate the harm caused by this crime. This includes help for people whose personal information is at risk. SAO will notify those people as quickly as possible. We will add information to this webpage as we learn more and as the authorities investigating the incident recommend we do so. The Washington Office of Financial Management has published a web page with detailed advice for people whose data may have been involved in this data breach. This page is on the OFM website at:


The EAP offers a FREE ID Theft Analysis which includes:

- Free Breach Search Tool

- Free ID Threat Score

- Free Safe Wallet

- Premium Protection

Download PDF • 252KB
EAP Summary of Services
Download PDF • 200KB

About the data incident

In January 2021, one of SAO’s software service providers, Accellion, issued a general announcement that it had experienced a security incident in December 2020. On January 12, Accellion told SAO that the incident might have allowed unauthorized access to data temporarily stored in Accellion’s servers. This incident might have exposed the sensitive data of Washingtonians to people who should not have had access to it. SAO immediately took action to determine what information may have been affected. It is:

  • Personal information of people who filed for unemployment claims from Jan. 1 to Dec. 10, 2020. This group includes many state employees, as well as people whose identity was used to file for claims fraudulently in early 2020. SAO auditors were reviewing all claims data as part of an audit of that fraud incident. This affects about 1.6 million people.

  • Personal information of a smaller number of people, including data held by the Department of Children, Youth and Families

  • Non-personal financial and other data from local governments and state agencies

This was an attack on the third-party service provider. It was not an attack on either SAO or the state’s Employment Security Department. Neither agency did anything to cause this, and is not responsible in any way for this incident.

Above information was found here :

12 views0 comments


bottom of page