Cyber Incident Victim: Wisconsin Department of Workforce Development
Date:
Oct 2020
Location:
United States of America
Summary
The Wisconsin Department of Workforce Development experienced unauthorized intrusions into its unemployment system, part of a multi-state incident involving attackers from Japan, South Korea, Russia, and the U.S. The breaches, attributed to credential stuffing attacks, compromised 116 active accounts, leading to the exposure of sensitive banking information. The department confirmed the incidents after detecting the unauthorized access, highlighting vulnerabilities in the state's unemployment infrastructure without specifying further details on the scope or additional impacts beyond the account compromises and data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2020, the Wisconsin Department of Workforce Development (DWD) disclosed a cyber attack targeting its unemployment insurance (UI) system. The department confirmed that Wisconsin was among multiple states experiencing unauthorized intrusions into state UI data, with malicious activity originating from IP addresses in Japan, South Korea, Russia, and domestic locations within the United States. Investigators identified the attack method as credential stuffing, a technique where attackers use previously compromised username-password pairs to gain unauthorized access to accounts. The DWD reported that the intrusion successfully compromised 116 active unemployment insurance accounts. During the breach, attackers accessed sensitive banking information associated with these accounts, though the specific types of financial data exposed were not detailed in public statements. The department did not specify the exact timeframe of the intrusions but indicated they were detected through security monitoring systems. No evidence suggested broader system-wide data extraction beyond the compromised accounts.
The incident directly impacted individuals whose UI accounts were breached, exposing their banking details to potential misuse. The DWD did not publicly disclose whether stolen information was actively exploited or if affected claimants experienced financial fraud or identity theft as a result. While Wisconsin authorities confirmed coordination with other affected states, they did not elaborate on collective response measures or identify the other jurisdictions involved. The department’s public statements focused on confirming the attack’s scope and method without detailing specific containment actions, remediation steps for victims, or technical safeguards implemented post-incident. The breach highlighted vulnerabilities in UI systems during a period of heightened unemployment claims due to the COVID-19 pandemic, though Wisconsin officials did not attribute the attack to any specific threat actor or motive beyond credential exploitation.