If you filed for unemployment in Washington last year, be sure and check your inbox in the coming weeks.

State Auditor Pat McCarthy’s office plans to send individual notifications to an estimated 1.3 million people whose personal information was exposed in a massive data breach disclosed this month.

The notifications will be sent by email over the next two weeks — and will include information about identity theft protection and an individual code for a year of free credit monitoring, the auditor’s office said in a news release Thursday.

In an email to state lawmakers, McCarthy advised people to check their inboxes and junk mail folders over the next two weeks, saying all notifications should arrive by March 9.

The data breach, the result of vulnerabilities in a file-transfer service sold by California tech company Accellion, exposed detailed personal information in unemployment claims, including names, Social Security numbers, dates of birth, street and email addresses and bank account information.

That type of information is frequently sold by hackers to cybercriminals, who can use it to steal identities and create other financial headaches for victims.


The data taken from the state auditor had been gathered for an investigation of what went wrong last year when the state Employment Security Department lost hundreds of millions of dollars to fraudulent unemployment claims.

Accellion’s system was compromised in December, the company has said. In addition to the Washington state data, multiple companies and institutions had files exposed, including the Kroger grocery chain, the University of Colorado and the Jones Day law firm.

Multiple class-action lawsuits have already been filed over the data breach in Washington and California against Accellion, with one also naming the auditor’s office.

The breach is under investigation by the auditor’s office and by state and federal law enforcement agencies.

For more information on the breach and on the state’s response, visit www.sao.wa.gov/breach2021/