The Washington state auditor’s office says one of its software vendors was breached, likely leading to files being accessed by “an unauthorized user.”

State Auditor Pat McCarthy disclosed what she termed “a security incident” in a statement to The Seattle Times on Friday evening, saying the problem involved Accellion, a “third party provider of software services.”

“Although the security incident occurred in December, the service provider only confirmed this week that some files were likely to have been accessed by an unauthorized user. Other organizations using the service provider’s software also were affected,” McCarthy said.

The state auditor’s office performs financial and accountability audits of state agencies and local governments. It is currently investigating how the Employment Security Department lost hundreds of millions of dollars to cyberfraudsters, including a Nigerian crime ring known as “Scattered Canary.”

The statement on Friday gave no details about what kind of information may have been compromised in this latest breach, including whether it included personal data that could be abused by fraudsters.

“We are continuing to work with the vendor, state cybersecurity officials, and law enforcement to investigate this matter and identify the affected files. As we learn more about the impact of this incident, we will provide information as is permitted and appropriate during an ongoing investigation,” McCarthy’s statement said.


Kathleen Cooper, an auditor’s office spokesperson, said she was not authorized to provide any additional information Friday.

A spokesperson for Accellion did not immediately respond to an email and phone message seeking comment.

The Insurance Building, right, closed due to Covid-19, is where the Washington State Auditor’s office is located next to the Capitol, seen Wednesday, Feb. 3, 2021 in Olympia. 216297

The Palo Alto, California-based company recently issued a statement disclosing another “security incident” involving one of its older software products that specializes in large computer file transfers.

That breach affected the Australian Securities and Investments Commission and the Reserve Bank of New Zealand, according to an Australian media report.

McCarthy, a Democrat, is an independent statewide elected official who was elected to a second term in November.