The Employment Security Department (ESD) of Washington State experienced a data breach between October 25, 2023, and November 20, 2023, due to a spoofing scam. The incident impacted 541 residents, exposing their personal information, including names, the last four digits of Social Security numbers, full dates of birth, and medical details. The breach was officially reported on February 6, 2024. The compromised data, though partial, poses risks of identity theft, financial fraud, and medical fraud, as attackers could exploit the exposed details for malicious purposes. While the breach did not involve full Social Security numbers, the combination of personally identifiable information (PII) and medical records heightens the potential for targeted phishing, credential stuffing, or fraudulent activities. The ESD has likely initiated notifications to affected individuals, advising them to monitor financial and medical accounts for suspicious activity. The incident underscores vulnerabilities in government systems against social engineering attacks, raising concerns over public trust in state-managed data security.
TPRM report: https://www.rankiteo.com/company/employment-security-department
"id": "emp025091825",
"linkid": "employment-security-department",
"type": "Breach",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '541 residents',
'industry': 'Public Administration / Employment '
'Services',
'location': 'Washington State, USA',
'name': 'Employment Security Department (ESD) of '
'Washington State',
'type': 'Government Agency'}],
'attack_vector': 'Spoofing',
'customer_advisories': 'Public notification issued to affected individuals '
'(presumed, based on disclosure)',
'data_breach': {'number_of_records_exposed': '541',
'personally_identifiable_information': ['names',
'last four digits of '
'Social Security '
'numbers',
'full dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2024-02-06',
'description': 'The Employment Security Department (ESD) of Washington State '
'reported a data breach involving a spoofing scam that '
'affected 541 Washington residents. The breach may have '
'compromised personal information, including names, last four '
'digits of Social Security numbers, full dates of birth, and '
'medical information.',
'impact': {'data_compromised': ['names',
'last four digits of Social Security numbers',
'full dates of birth',
'medical information'],
'identity_theft_risk': 'High (PII exposed)'},
'response': {'communication_strategy': 'Public disclosure on 2024-02-06'},
'title': 'Washington State Employment Security Department (ESD) Spoofing Scam '
'Data Breach',
'type': 'Data Breach (Spoofing Scam)'}