SEATTLE - A Seattle firm has filed a lawsuit against the California company whose software was hacked and exposed the personal information of 1.4 million people who filed unemployment claims in Washington state.
The civil suit against Accellion was filed in King County Tuesday and seeks class-action status on behalf of everyone whose information was hacked.
The data breach came as the state Auditor's Office was investigating $600 million in fraudulent unemployment claims.
Those potentially affected include people who filed for unemployment benefits between Jan. 1 and Dec. 10, 2020. That includes many state workers as well as people who had fake unemployment claims submitted on their behalf.
The data includes names, Social Security numbers, driver’s license numbers, bank information and place of employment. The Auditor’s Office says it is working with state cybersecurity officials, law enforcement and others to try to mitigate the damage.
"Exposure of this information to the wrong people can have serious consequences. Identity theft can have ripple effects, which can adversely affect the future financial trajectories of victims’ lives," the lawsuit states.
Other Accellion customers were also affected, including Australia’s securities regulator and New Zealand’s central bank.
State Auditor Pat McCarthy said the state learned of the attack Jan. 12, after Accellion made a general announcement regarding a security breach, but Accellion said it notified customers Dec. 23. It wasn’t until last week that the Auditor’s Office learned what files might have been accessed, McCarthy said.
Accellion counters that the file-sharing system the auditor's office used is outdated, and that the company has been encouraging customers to upgrade to a more secure system three years.
The company declined to comment on the lawsuit.
The Auditor’s Office said it has used Accellion for the past 13 years, on a contract worth about $17,000 annually.
The Associated Press contributed to this report.