Despite all that companies do as data breach compensation, there are still thousands of people who are losing their jobs due to data breaches every day. Undoubtedly, data breaches are one of the most important reasons for what we know as the “Unemployment crisis”. However, the unreliability of official reports has turned data breaches to only reliable sources for determining how big this crisis is.
Details of the breach
As (SAO) stated last Monday, their investigations determine that 1.6 million people who had registered their information for unemployment claims have to deal with the dangers of the data leakage. Their data was stolen through one the Accellion’s File Transfer Appliance (FTA) applications security gaps. This software was designed to let organizations share sensitive documents with users outside their organization securely. They also have not mentioned anything about the data breach compensation process.
As SAO officers have stated:
“During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file-transfer service.”
The purpose of broadcasting about cyber-attacks is not to blame the victims, but there are few points that worth to be mentioned. Why one of the most secured software of a governmental organization should be such an easy target for hackers?
The other point is about the number of people whose information has been stolen. 1.6 million people. Washington is the capital of the United States. No one would ever admit that there are 1.6 million jobless humans who are living in one of the richest places all over the world. 1.6 million People who have expertise in a field but can’t make money. In such situations, data breach compensation is not enough for curing the wound. Data breach compensation should get effected for sure, but the required action is beyond what any cybersecurity researcher would be able to do.
The contents of the stolen data
The officers claimed that the stolen data contains personal information of Washington state residents who filed unemployment insurance claims in 2020. Therefore, some details about them containing their full name, social security number, drivers’ license, state identification number, bank account number, and bank routing number, and also their place of employment are in danger of being sold by vendors.
The full scope of this attack that has been occurred in late December of 2020 is still unclear. However, Accellion researchers claim that they are aware of all aspects of what they call “sophisticated cyberattack”. The attack has targeted their file transfer application.
Who is in charge of data breach compensation?
Usually, there are Crowdsourced cybersecurity researchers who are in charge of securing organizations’ minds. Accellion also has claimed that they are going to start collaborating with an “industry-leading cybersecurity forensics firm” to investigate the incident.
So, the data breach compensation process has begun. The other fact that we can be optimistic about, is that SAO officers are setting a plan to protect the identities of those whose information may have been contained within SAO’s files. Meanwhile, they have asked their clients to review their account statements and credit reports constantly, and consider any suspicious activity, and suspected incidents of identity theft as a warning that should be reported immediately.
What was the attack vector?
An attack vector is a path or device by which a hacker can access a computer or server to obtain a useful or malicious message. The attack vector enables hackers to exploit system vulnerabilities, including the human element. The human element can mean social engineering methods.
Hackers have used Accellion’s FTA software as an attack vector to strike two other organizations including the Australian Securities and Investments Commission (ASIC) and the Reserve Bank of New Zealand (RBNZ).