Cyber Incident Victim: Boston-based labor union's health fund

A cyberattack discovered on February 7, 2023, targeting the Boston-based Pipefitters Local 537 labor union’s health fund resulted in the theft of $6.4 million. Union business manager Daniel O’Brien confirmed the incident in a message to members, clarifying that no personal information or benefits were compromised. Federal and local law enforcement agencies were immediately notified, and the union retained a cybersecurity forensic investigator to assist with the investigation. O’Brien emphasized the health fund remained financially stable despite the loss, noting it was insured and expressing law enforcement’s optimism about recovering the majority of stolen funds. The FBI’s Boston field office declined to comment on the ongoing case. Union leadership implemented immediate measures, including enhanced employee cybersecurity training and revisions to the health fund’s wiring procedures to prevent future incidents.

Investigators classified the breach as a social engineering attack, with third-party cybersecurity experts and private investigators concluding no technical breach or hacking of the fund’s email server occurred. O’Brien urged members to exercise caution with online and social media activity, highlighting these platforms as vectors for criminals gathering targeting intelligence. The union, representing approximately 3,000 pipefitters, welders, and HVAC-refrigeration workers, maintained regular operations and benefits throughout the incident. While the direct financial impact was significant, the absence of data exfiltration or member information compromise distinguished it from contemporaneous attacks against critical infrastructure and governments referenced in the union’s statement. Recovery efforts focused on collaboration with law enforcement and insurers, with no public disclosure of specific threat actors or technical attack methodologies.