Accellion Sued After Hack Exposes 1.6M Washington State Residents’ Data

Madalyn Brown sued cloud file-sharing company Accellion, Inc. after it reportedly experienced a breach that exposed information such as birthdates, addresses, and social security numbers of one of the Washington State Auditor’s Office (SAO) resident databases. Wednesday’s class action complaint alleged that Accellion knew its file transfer appliance (FTA) was “nearing end-of-life,” but continued to employ it nonetheless, allowing hackers to exploit a vulnerability therein.

The complaint explained that Accellion is a Palo Alto, California-based software company that specializes in cloud-based file sharing. Accellion allegedly developed, marketed, and sold its FTA for file-sharing convenience and to circumvent limits imposed on the size of email attachments.

The SAO was reportedly a client of Accellion’s, when, beginning in December 2020 and continuing into the new year, unauthorized individuals accessed the SAO’s files. The breached files reportedly contained the personally identifying information of Washington residents who filed unemployment insurance claims during 2020. The SAO was allegedly one of approximately 50 Accellion customers targeted in the attack. 

According to the complaint, Accellion’s failure to ensure that the FTA was adequately secure resulted in the unauthorized disclosure of the plaintiff and putative class members’ information. In turn, the filing claims that the victims are at a “heightened and imminent risk of fraud and identity theft,” and that they must now monitor their bank and credit card accounts closely. 

The two-count complaint alleges that the defendant was negligent and violated the Washington State Consumer Protection Act. The plaintiff requested class certification, a jury trial, injunctive relief, and damages.

The plaintiff is represented by HammondLaw P.C.