Emerging Breach Reports for Washington Unemployment
Over the past several days, we have received reports of a suspected breach involving social security numbers. There may be a state of Washington service that has been compromised, although that is highly speculative on our part as we do not have a confirmation of correlation. So far, we have seen false unemployment requests which were filed on behalf of individuals, and in this case, have only been caught after the employer has been questioned about the unemployment requests.
We advise proactively monitoring your list of employees making an unemployment claim through the Employment Security Department. This may include creating an account on ESD and following up with employees individually depending on their situation.
Here are five steps you can take to add extra layers of security:
- Have I Been Pwned: Here is the link to the “Have I been Pwned?” site that you can use to see if your personal email address has been compromised: https://haveibeenpwned.com/
- MFA: We highly recommend setting up MFA (multi-factor authentication) for all of your accounts, both at work and for personal use as an extra layer of security.
- Credit Freeze: A good proactive measure is to add a credit freeze: Credit Freeze FAQs
- DarkWeb ID: We are able to monitor up to 10 personal accounts using DarkWeb ID for $10 / mo. Let us know if you would like to implement DarkWeb ID for any personal email accounts. We can also run a free report for accounts associated with your primary domain.
- LastPass Teams: One way to overcome the challenges of remembering passwords, recycling passwords, and using weak passwords is to use a password manager, such as LastPass. LastPass Teams is $4/user/mo. Using a password manager helps control passwords if there is an employee exit and allows you to quickly pass along credentials to new employees joining your team. SWAT can help set up LastPass Teams for you. If you would like us to move forward, please send a ticket to firstname.lastname@example.org to get started. Aside from work, we encourage users to use LastPass (the free edition is fine) for personal password management.
If you have any questions or concerns about emerging threats or possible breaches, please contact us. We look forward to helping your company protect its data and employees.