Cyber Incident Victim: Laborers International Union of North America Local 1098
Date:
Feb 2022
Location:
United States of America
Summary
Laborers International Union of North America Local 1098 experienced a data breach after an unauthorized party accessed an employee email account over a two-month period, compromising sensitive information including names, Social Security numbers, driver's license numbers, state identification details, and financial account data for 23,746 individuals. The union detected suspicious activity and engaged cybersecurity specialists to investigate, confirming the exposure and reviewing affected files. Notification letters were subsequently sent to impacted parties. Based in Saginaw, Michigan, the organization represents construction industry workers and operates as part of a larger North American union network.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 27, 2022, Laborers International Union of North America Local 1098 (LIUNA Local 1098) detected suspicious activity within an employee's email account, prompting an immediate investigation with third-party cybersecurity specialists. The investigation confirmed unauthorized access to the email account occurred over a two-month period from February 27, 2022, through April 27, 2022. Following this discovery, LIUNA Local 1098 conducted a comprehensive review of all affected files within the compromised email account to identify the specific individuals impacted and the types of sensitive information exposed. The forensic analysis revealed that the unauthorized party potentially accessed personal information including full names, Social Security numbers, driver's license numbers, state identification numbers, and financial account details. On July 26, 2022—exactly three months after detecting the breach—LIUNA Local 1098 formally reported the incident to various state government agencies and publicly disclosed the breach through a Notice of Data Incident posted on its website. The union confirmed that the personal data of 23,746 individuals was compromised during the two-month intrusion period.
LIUNA Local 1098, a Saginaw, Michigan-based labor union representing construction workers and affiliated with the 500,000-member Laborers' International Union of North America, initiated individual notifications to all affected parties via mailed data breach letters starting July 26, 2022. The breach notification process commenced only after the completion of the forensic investigation, which included determining the precise scope of compromised data and verifying contact information for impacted individuals. While the union did not disclose technical details about how the email account was compromised or whether multi-factor authentication was in use, its public statements emphasized collaboration with cybersecurity experts throughout the containment and assessment phases. The exposed data categories—particularly Social Security numbers and financial account information—created significant risks of identity theft and financial fraud for victims, though the union's filings did not indicate any confirmed instances of misuse at the time of disclosure. No ransomware involvement, data exfiltration methods, or threat actor attribution details were disclosed in the public notifications or regulatory filings.