Accellion Data Breach Response
• Last updated: March 9, 2021
Washington State Auditors Accellion Data Breach
How you can protect yourself from the data breach reported by the State Auditor's Office
The State Auditor’s Office has reported a data breach at a third-party vendor, Accellion. While the full scope has not yet been determined, the office does know that data files from the Employment Security Department (ESD) were impacted. The ESD files contained unemployment compensation claim information, which included names, social security numbers, financial institution account and routing numbers, and employment details.
While we don't know the intentions behind the breach, given the data involved, it holds a greater risk for identity theft and fraud. If you applied for unemployment in Washington state in 2020, here are some steps you can take to protect your accounts:
- Place a code word on your account if you do not have one. This can be done by calling the Contact Center or visiting a branch.
- Monitor your account for unusual activity. You are not responsible for fraud if you report it to us in a timely manner.
- Sign up for account alerts to be notified when certain activity occurs on your accounts, such as when someone signs in to Online Banking or withdraws money over a certain amount. You can set up these alerts within Online and Mobile Banking.
- Consider placing a fraud alert on your credit report by contacting any of the three credit reporting agencies below. An initial fraud alert is free and will stay on your credit file for one year. The alert informs creditors of possible fraudulent activity within your report and requests that creditors contact you prior to establishing any accounts in your name. You only need to contact one of the following three agencies:
- Equifax — 800.685.1111 or equifax.com
- Experian — 888.397.3742 or experian.com
- Transunion — 800.916.8800 or transunion.com
- Protect yourself from phishing scams. These scams typically come in the form of email and text messages that seem legitimate on the surface. The deceptive message will usually include a call to action like a request for more information or an invitation to check out a link. From there, the data thieves trick victims into giving them personal or financial information like passwords, bank account numbers and even Social Security numbers. Learn more about how you can spot and avoid phishing scams.
In response to the breach, WSECU will be placing extra emphasis on member identity verification for certain transactions. Please note, you may be asked for additional information that only you know in order to better protect your account.
Regular monitoring of your account is your best course of action to protect yourself, so please notify us right away if you see any unusual activity. The state auditor’s office will continue to update the public on this situation as it investigates further. For the latest updates, visit the state auditor's website.
Frequently Asked Questions
While the full scope has not yet been determined, data files from the Employment Security Department (ESD) were impacted. The ESD files contained unemployment compensation claim information, which included names, social security numbers, driver’s license or state identification numbers, financial institution account and routing numbers, and employment details.
The best way to protect yourself is to monitor your accounts and credit carefully and use the tools listed above to alert you to unusual activity. There is considerable effort involved in establishing a new account, such as updating direct deposit information and revising automatic payment details. We believe that your peace of mind should come from knowing WSECU will be there to provide support and assistance if fraud happens as opposed to the effort of changing account numbers pre-emptively. If you would like to open a new account, we would be happy to help you. To open a new savings account online, sign into online banking. You will need to give us a call after it’s established so we can move your existing account over.