Accellion Inc. is to blame for a recent hack of the Washington State Auditor’s Office because it negligently marketed the outdated file transfer system targeted in the cyberattack, according to a new proposed class action filed in California federal court.
The WSAO announced earlier this month that a third party had compromised the personal identifying information of nearly 1.6 million Washington residents by exploiting vulnerabilities in Accellion’s file transfer product services.
Accellion’s File Transfer Appliance product, used by the state agency to host information about unemployment insurance claims, was outdated and nearing its end of life by 2020, according to Madalyn Brown’s Wednesday complaint. A footnote links to a Feb. 1 Accellion press release that referred to FTA as a 20-year-old legacy product.
Brown’s lawsuit alleges that the Palo Alto, Calif.-based software company negligently failed to ensure that its FTA product had the proper cybersecurity protocols to protect the personal identifying information transferred and received by the WSAO. She also accuses the company of violating the Washington State Consumer Protection Act. It was filed in the U.S. District Court for the Northern District of California.
She hopes to represent a class of Washington residents whose names, social security numbers, bank information, and other sensitive information was accessed in the cyber attack.
Causes of Action: Negligence; the Washington State Consumer Protection Act.
Relief: Declaratory and injunctive relief; damages with pre- and post-judgment interest; disgorgement; restitution; costs and fees.
Potential Class Size: 1.6 million individuals.
Response: Accellion didn’t immediately respond to a request for comment.
Attorneys: Hammond Law PC represents the proposed class.
The case is Brown v. Accellion, Inc., N.D. Cal., No. 21-cv-01155, complaint filed 2/17/21.