Bismarck, ND – North Dakota Workforce Safety & Insurance (WSI) recently announced that it was a victim of a cyber security attack on June 28, 2022, which involved personal data.
A WSI employee noticed unusual activity on their computer after opening an email attachment and reported the incident to the WSI Help Desk. At that time the computer was secured and removed from the state network. WSI immediately contacted North Dakota Information Technology (NDIT), who referred the incident to the NDIT Cyber Analysis and Response team. This team recently completed a forensic analysis of the computer.
The analysis determined that the sophisticated phishing attack was isolated to a single computer and did not spread onto the state network. There is evidence that the cyber attacker gained access to personal data in the employee’s email through the email attachment that contained malicious code.
WSI reviewed the data in the emails and determined the emails did contain personal information of 182 injured employees. WSI notified those affected by the incident to provide information about the attack and to offer identity theft protection services.
North Dakota uses controls to identify and remediate threats in a timely manner, in order to minimize the risk of a similar incident in the future.
WSI has also published an FAQ (PDF) about the incident.
Source: ND WSI