Washington SAO Data Breach
It’s known that Accellion’s popular File Transfer service FTA had a zero-day bug, which was exploited by threat actors since last year to access data belonging to several companies including government agencies. The Accellion’s software is used by customers for transferring files securely with outsiders, thus needed much attention for security. Exploiting the bug in it lead many of its clients to experience data breaches, from Reserve Bank of New Zealand to Harvard Business School to Australian Securities and Investments Commission (ASIC). Now, a new victim joined the list affected by the same cause, it is the Washington State Auditor Office (SAO). The SAO has put out a security breach notification on its website saying that it was a victim of this attack, which was informed by Accellion on January 25th. It said the breach has happened in late December last year, where it’s now seeking more information about the incident timeline and status of the investigation. The FTA bug was patched immediately by pushing a patched update in mid-December, and those who updated could have been safe. It’s still investigating to know more about the incident and reveal new victims if found.