Cyber Incident Victim: Workforce Safety & Insurance
Date: Jun 2022
Location: United States of America
Summary
A cyberattack targeting Workforce Safety & Insurance occurred after an employee opened a malicious email attachment, triggering unusual activity on their computer. The device was promptly secured and disconnected from the state network, with forensic analysis confirming the incident as a sophisticated phishing attack confined to that single system. The attacker accessed the employee’s email data, compromising personal information of 182 injured workers. The organization notified affected individuals and provided identity theft protection services. State cybersecurity controls were cited as mitigating factors to limit the attack’s spread and reduce future risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 28, 2022, Workforce Safety & Insurance (WSI) experienced a cybersecurity incident involving unauthorized access to personal data. The attack began when a WSI employee opened a malicious email attachment, triggering unusual activity on their computer. The employee promptly reported the anomaly to the WSI Help Desk, leading to immediate containment measures where the affected device was secured and disconnected from the state network. WSI escalated the incident to North Dakota Information Technology (NDIT), which activated its Cyber Analysis and Response team for investigation. Forensic analysis later confirmed the attack originated from a sophisticated phishing attempt via the compromised email attachment. The malicious code embedded in the attachment facilitated unauthorized access to the employee’s email account but did not propagate beyond the single workstation.

The forensic review determined the attacker exfiltrated personal information contained within the employee’s emails, specifically affecting 182 injured workers covered by WSI. Following this confirmation, WSI conducted a targeted review of the compromised emails to identify impacted individuals and assess the scope of exposed data. The organization directly notified all 182 affected parties, detailing the breach and offering complimentary identity theft protection services. NDIT emphasized that existing security controls limited the attack’s spread and enabled rapid containment, with no evidence of lateral movement onto the broader state network. North Dakota authorities reiterated their reliance on established threat detection and remediation protocols to reduce future risks, though no additional technical safeguards or policy changes were disclosed in the aftermath.
