The incident occurred on June 28, when a WSI employee opened a malicious email attachment. The successful phishing attempt let attackers access information in the recipient’s emails and voicemails. Those messages included personal details related to processing 182 individuals’ injured employee claims, and the agency reached out to notify the affected individuals, WSI said in an FAQ about the incident.
“These emails contained information received and sent by a claims adjustor to process injured employee claims including emails to and from WSI employees and business partners,” the agency stated. “We know that the attackers had access to personal information in the emails. We cannot verify what information was actually taken because of the attacker’s use of anti-forensic techniques. It is unknown how the attackers will use the information.”
The state was able to detect the incident in time to contain the damage.
After opening the malicious attachment, the WSI employee detected “unusual activity” on their computer and informed the WSI Help Desk. Their computer was then “secured and removed from the state network,” and WSI connected with the North Dakota Information Technology (NDIT) Cyber Analysis and Response team, which conducted a forensic analysis of the impacted device, WSI said.
NDIT determined that the rest of the state network was spared from the attack, which did not spread beyond the initial computer.
WSI said it is offering impacted employees 12 months of identity theft protection, fully managed identity theft recovery services and a $1 million insurance reimbursement policy for identity theft losses. Data breach and recovery services firm IDX is providing these services.