I was talking with someone yesterday. The computer systems that WA State uses are byzantine. There is an old core of COBOL running on a mainframe and then there are various "clown suits" - shades of a digital Matryoshka Doll. Each new call to upgrade the system does nothing to start from scratch, all they do is add another layer. The last time I looked into this was a little over ten years ago but it had been that for 30 years and I suspect that it is still the same.
From localized news source: patch.com/Renton, WA:
Hackers Steal Data Of 1.6 Million WA Unemployment Applicants
The Office of the Washington State Auditor confirms that a data broach may have exposed the data of the more than one million Washingtonians who applied for unemployment last year.
The news is the latest development in a long debacle for Washington state's unemployment system — one which began during the massive spike in unemployment at the start of the pandemic. As thousands of Washingtonians lost their jobs last spring and started filing for unemployment, scammers saw an opportunity. They filed an estimated 122,000 "known or probable" fraudulent claims with Washington's Employment Security Department (ESD) which ended up paying the scammers a combined $600 million.
The theft was discovered shortly afterwards, and the ESD has since reworked their vetting process for new claims and recovered $250 million of the stolen money.
To learn more about how those scammers slipped through the cracks, the State Auditor was tasked with investigating the ESD — which is why the auditor's office had the unemployment data that hackers have now stolen.
According to the SAO, the breach is partially the fault of Accellion, a third party provider the office had been using to transfer files. Hackers reportedly used a software vulnerability to access files that were being transferred by Accellion's service sometime in late December.
Sigh... Nothing changes...
Leave a comment