Information Regarding the Washington State Auditor's Office Data Breach
nw+|cu has been made aware of a data breach at the Washington State Auditor’s Office. The full extent of the breach is still unknown however, initial reports indicate the possible compromise of “voluminous” personal and financial information. nw+|cu would like to take this time to remind you of the services offered that can help you keep an eye on your nw+|cu accounts and individual credit reports.
Enroll in online banking services. This allows you to review transaction and account information and can help you spot unauthorized activity quickly, any time of the day.
Download and utilize your Credit Unions mobile banking app. This gives you the resources to monitor your accounts on the go- 24/7.
Enroll in E-Statements. This service allows for secure delivery of your Credit Union periodic statement and eliminates the risk of your financial statement being stolen from your mailbox.
Enforce a code word on your financial accounts. When you call or come in to do any account related business, you will be asked to provide your unique code word in order to move forward with any requests. Make sure your code word is something only you will know and remember.
Enroll in nw+|cu’s Credit Sense. It is a free credit monitoring product in your online banking account that can detect changes in your credit score and history.
Remember, nw+|cu will never call, email or text you and request your personal or financial information. If you receive such a request from someone claiming to be from nw+|cu or any other financial institution, please refrain from handing over any information and call us immediately.
nw+|cu does offer a paid feature which provides comprehensive Identity protection plans for as low as $8 a month. For more information please visit our Kasasa Care site here
nw+|cu is committed to helping you understand the financial resources at your disposal. It is paramount that each of us continue to be stewards of our personal and financial information, enforcing preventative measures and taking actions to help mitigate financial exposure or exploitation.
Official Statement from the Office of the Washington State Auditor (SAO) 2/1/2020
The Office of the Washington State Auditor (“SAO”) was recently made aware of a security breach involving Accellion, a third party provider of hosted file transfer services. During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file transfer service. Some of the SAO data files contained personal information of Washington state residents who filed unemployment insurance claims in 2020. The compromised files may also include the personal information of other Washington residents who have not yet been identified but whose information was in state agency or local government files under review by the SAO.
This matter is under ongoing investigation by SAO. SAO is committed to providing timely and accurate information about what happened and who is affected when available, as permitted and appropriate. As such, this page will be updated from time to time on the SAO website as SAO obtains additional information.
What happened: SAO is advised that an unauthorized person was able to exploit a software vulnerability in Accellion’s file transfer service and gain access to files that were being transferred using Accellion’s service. Accellion stated that they believe the unauthorized access occurred in late December of 2020. Other customers of this Accellion service were similarly impacted. SAO is currently seeking a full understanding of the timeline of the incident and the status of Accellion’s investigation and the investigation by law enforcement. At this time, SAO does not have enough information to draw conclusions about the timing or full scope of what took place. It was not until the week of January 25, 2021, that Accellion confirmed to SAO that SAO files were subject to this attack and provided the information needed for SAO to begin to identify which data files were impacted and individuals whose personal information is in those files.
What information was involved? The data files are voluminous and SAO is in the process of reviewing the impacted files to identify the types of data, agencies, and individuals involved. SAO will provide updates about the types of information involved as soon as that information becomes available through the investigation. At this time, SAO has determined that data files from the Employment Security Department (ESD) were impacted. These ESD data files contained unemployment compensation claim information including the person’s name, social security number and/or driver’s license or state identification number, bank account number and bank routing number, and place of employment.
Data files from some local governments and other state agencies were also affected. SAO is diligently reviewing all potentially accessed data files to identify which agencies’ and local governments’ files were impacted and to determine whether those data files contained personal information. SAO will provide updates on these efforts and notify the individuals, agencies, and local governments as soon as possible.
Resources SAO will provide: SAO will make resources available to help each affected individual take measures to protect their identity. SAO is currently in the process of arranging for such services and will post that information as soon as it is available.
Resources you can use to help protect your identity: If you believe that your information may have been contained within SAO’s files, you can also take other actions to reduce the chances of identity theft or fraud on your accounts, including reviewing your account statements and credit reports, notifying your financial institutions of any suspicious activity, and promptly reporting any suspected incidents of identity theft to law enforcement, the state attorney general, and/or the Federal Trade Commission.
Free Credit Report – You may also obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228 or by completing an Annual Credit Report Request form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta GA 30348. You can also contact one of the national credit reporting agencies:
Fraud Alert – You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
Credit Freeze – In some states, you have the right to put a security freeze on your credit file. This will prevent new credit from being opened in your name without the use of a PIN that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. There is no fee to place, lift, or remove the security freeze. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you, including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.
Federal Trade Commission – You can obtain information from the consumer reporting agencies, the Federal Trade Commission (FTC), or from the Attorney General about steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state. Here is the contact information for the FTC:
SAO takes cyber security very seriously and appreciates your patience as the investigation continues. Updates to this notice will be posted on this website as SAO learns additional information that may help you with this unfortunate situation.
For more information on the latest SAO data breach you can monitor their response page here.