A large breach of personal data privacy in Washington illustrates ongoing security concerns. In this case, potential damages are piling on those already injured. A hack of roughly 1.4 million people’s personal information was revealed on Monday, and the information gleaned was far more comprehensive than usual because of the source. In this case, people’s names, social security numbers, driver’s license numbers, bank account numbers and employment history, all compiled to allow for easy correlation, were stolen.
The data breach occurred due to security lapses in the State Auditor’s office as they investigated fraudulent claims from the states’ Employment Security Division. The ESD had admitted to losing $600 million – more than $350 million of which had been subsequently regained – due to fraud, as claims were initially paid to people who were ineligible for benefits.
In many of these instances, the fraudulent claims had been filed due to identity theft; it is a common fraud technique in the United States. A person or group gains enough data about an individual to file a false unemployment claim, draining the victim’s available benefit payments. Prior targets of this type of attack are expected to be the primary victims of the latest massive security failure. Some will be people who discovered the prior fraud after having lost their jobs.
Involvement in the investigation occurred independent of any individual requests; as people paid into the unemployment system, the officials had authority to access their data. The State Auditor, Pat McCarthy, has promised to send notification to all affected individuals regarding the theft of their personal information, but will not set a firm date on when those notifications will begin until he has fully consulted with the office’s insurance carrier, presumably about liability. Washington state has, as yet, declined to provide paid access to credit monitoring services for those affected – a standard response for large companies, as many states have enacted legislation requiring such action.