August 24, 2022

Employee info exposed after North Dakota phishing attack

Threat actors appear to have accessed personal data on 182 injured employees, North Dakota’s department of Workforce Safety & Insurance (WSI) announced on Aug. 19.

The data secutity incident occurred on June 28, when a WSI employee opened a malicious email attachment. The successful phishing attempt let attackers access information in the recipient’s emails and voicemails. Those messages included personal details related to processing 182 individuals’ injured employee claims, and the agency reached out to notify the affected individuals, WSI said in an FAQ about the incident:

These emails contained information received and sent by a claims adjustor to process injured employee claims including emails to and from WSI employees and business partners.
We know that the attackers had access to personal information in the emails. We cannot verify what information was actually taken because of the attacker’s use of anti-forensic techniques. It is unknown how the attackers will use the information.

The state was able to detect the incident in time to contain the damage.

NDIT determined that the rest of the state network was spared from the attack, which did not spread beyond the initial computer.

WSI said it is offering impacted employees 12 months of identity theft protection, fully managed identity theft recovery services and a $1 million insurance reimbursement policy for identity theft losses. Data breach and recovery services firm IDX is providing these services.

Recently, the notorious LockBit hacker group has claimed responsibility for the June ransomware attack on digital security giant Entrust.