Cyber Incident Victim: Boston labor union

A cyberattack targeting the Pipefitters Local 537 labor union's health fund was discovered on February 7, 2023, resulting in the theft of $6.4 million. Union business manager Daniel O'Brien notified members that federal and local law enforcement agencies were immediately alerted to the incident, while the union retained a cybersecurity forensic investigator to examine the breach. Officials determined the attack utilized social engineering methods rather than technical system vulnerabilities, with investigators concluding there was no evidence of unauthorized access to the fund office's email servers. The investigation confirmed that personal information of the union's approximately 3,000 members—including pipefitters, welders, and HVAC-refrigeration workers—remained uncompromised throughout the incident. O'Brien reassured members that their benefits remained unchanged and emphasized the health fund's continued financial stability despite the theft.

Law enforcement expressed optimism about recovering the majority of stolen funds, supplemented by the health fund's existing insurance coverage. In response to the attack, the union implemented enhanced cybersecurity training for all employees and revised wire transfer authorization protocols to prevent future incidents. O'Brien advised members to exercise caution with their online and social media presence, noting these platforms provide cybercriminals with reconnaissance opportunities. The union did not disclose specific technical details about fund transfer mechanisms exploited during the attack or identities of suspected threat actors. No further public updates were provided regarding the FBI's investigation, as the agency declined to comment when contacted by media.