Minami Tamaki LLP is investigating reports of a data breach tied to Accellion, Inc. (“Accellion”), a Palo Alto, California-based file transfer and service company.  

Accellion’s flagship product, File Transfer Appliance (“FTA”), is a platform used for “secure” third-party transfers of computer files.  In January 2021, Accellion reported that unauthorized third parties had infiltrated the FTA platform used by numerous companies and organizations.  Accellion described FTA as “a 20-year-old product nearing end-of-life.” 

Supermarket chain Kroger announced on February 19, 2021, that an unauthorized person gained access to Kroger files by exploiting a vulnerability in Accellion’s file transfer service.  Accellion confirmed unauthorized access to the data and personal information of Kroger Health and Kroger Money Services customers.  Kroger announced that it has discontinued the use of Accellion’s services, reported the incident to federal law enforcement, and initiated its own forensic investigation to review the potential scope and impact of the incident.    

Washington State officials have announced that the data of more than one million residents was exposed through the Accellion data breach within the Office of the Washington State Auditor.  Washington State residents have alleged that the data breach revealed their personal information, including their name, social security number and/or driver’s license or state identification number, bank account number and bank routing number, and place of employment. 

Accellion previously announced a security breach at the University of Colorado.  The exposed data may include the personally identifiable information of students, prospective students, and employees.  Health and clinical data and research data may also have been exposed through the data breach.

Other entities reportedly impacted by the Accellion data breach include the law firm Jones Day, the Reserve Bank of New Zealand, and the Australian Securities and Investments Commission.

Accellion contends that it was the target of a sophisticated cyberattack.  However, critics allege that it failed to properly secure its platform and continued to market and sell the FTA product knowing it was outdated and vulnerable. 

Companies and organizations who have suffered these data breaches are in the process of notifying affected individuals.  If you were impacted by an Accellion data breach and wish to discuss this matter, you may contact Minami Tamaki Consumer and Employee Rights Group attorneys Sean Tamura-Sato, Lisa Mak, and Claire Choo at (415) 788-9000 or through our online form.  We look forward to the opportunity to speak with you.