State Auditor's Office data breach

The Washington State Auditor’s Office (SAO) announced on Feb. 1, 2021, that criminals breached the computer systems of their third-party vendor. This vendor was storing data the SAO required ESD to provide in 2020. The attack may have affected more than 1 million claimants who filed claims in 2020.

SAO will send a notice to people whose personal information is believed to have been impacted by the breach. SAO reports that those notices will begin by email Feb. 25, 2021, to people who filed an unemployment benefits claim between Jan. 1, 2020 and Dec. 10, 2020, and will continue over the following two weeks. The notice contains important information, including how to access free services that SAO offers to help protect affected individuals’ identity, financial accounts and credit, and prevent fraud. 

As the independently elected State Auditor Pat McCarthy said, ESD is in no way responsible for this incident. ESD's systems have not been breached or hacked.

Because the criminals didn’t steal this data from ESD, the State Auditor’s Office has the most up to date information about what data was compromised and what to do next.

Important info from ESD Commissioner Cami Feek

What to tell claimants:

  • The State Auditor’s Office is beginning to notify people who filed unemployment benefits claims in 2020 and whose personal information may have been exposed in a security breach of the SAO’s third-party vendor, Accellion.
  • The SAO reports those notices will begin by email Feb. 25, 2021, to people who filed an unemployment benefits claim between Jan. 1, 2020 and Dec. 10, 2020, and will continue over the following two weeks.
    • Make sure to keep an eye on your inbox, and check your spam/junk folder, if you are expecting to receive a notice.
    • The notice contains important information, including how to access free services that SAO offers to help protect affected individuals’ identity, financial accounts and credit, and prevent fraud.
  • Go to the SAO's response page: www.sao.wa.gov/breach2021.
  • The SAO has set up a call center for questions. The number is 855-789-0673.
  • ESD is in no way responsible for this incident. ESD's systems have not been breached or hacked.
  • The State Auditor’s Office, not ESD, will have the most up-to-date information about what data was compromised and what to do next.
  • We do not yet know if the SAO data breach will affect benefit payments. Please tell clients to continue to submit weekly claims as usual.
  • We treat claimant data with the utmost protection. When the nationwide imposter fraud attack occurred last year, we not only checked for breaches of our system but also hired an outside consulting firm to verify that in fact our system had not been hacked.
  • We published an alert on esd.wa.gov to let our claimants know as much as we know at the time. We also will add information to other fraud-related pages on esd.wa.gov.


If you, family members and fellow state employees applied for unemployment benefits or submitted claims in 2020

  • Anyone affected by the breach will receive a message from the SAO with directions and next steps. Make sure to keep an eye on your inbox, and check your spam/junk folder, if you are expecting to receive a notice. It is important to read that notice and follow any instructions.
  • Go to the state Office of Financial Management (OFM) data breach web page for up-to-date information for affected state employees.
  • The SAO has also set up a call center if you have more questions. The number is 1-855-789-0673.