Cyber Incident Victim: Willdan Group

Date: Dec 2020

Location: United States of America

Summary

A cyberattack targeting Willdan Group's subsidiary Lime Energy compromised its network via malware, leading to unauthorized access and online publication of sensitive data. The breach exposed personal information including names, Social Security numbers, driver’s licenses, medical diagnoses, financial account details, payment card data, and biometric records, with varying impacts across individuals. Following discovery, systems were taken offline, forensic experts investigated the incident, and a comprehensive review identified affected parties. Security measures were reinforced, law enforcement notified, and impacted individuals received precautionary notifications despite no evidence of actual misuse.

Description

On December 15, 2020, Willdan Group discovered its subsidiary Lime Energy had been targeted in a cyberattack that infected portions of its computer network with malware. The company immediately took affected systems offline and engaged third-party forensic specialists to investigate the incident's nature and scope. By March 1, 2021, the investigation confirmed unauthorized access to certain files on Lime Energy's systems, which were subsequently published online by the attackers. The ransomware group Conti claimed responsibility for the breach in February 2021 and released over 136 GB of data comprising 97,000 files on March 1, 2021. Willdan initiated an extensive review of the compromised files to identify impacted individuals and data types, engaging a third-party firm to conduct programmatic and manual analysis of the large dataset. Internal database reviews concluded by June 18, 2021, confirming the presence of personal information in affected folders.

The compromised data included variable combinations of names, Social Security numbers, driver's license numbers, medical diagnoses/treatment details, financial account numbers, routing numbers, payment card numbers with CVV codes, and biometric data. Willdan found no evidence of actual misuse of the information but notified potentially affected individuals starting June 18, 2021, as a precautionary measure. The company reinforced existing security protocols, implemented additional cybersecurity measures, and reported the incident to law enforcement authorities while cooperating with their investigation. A dedicated assistance line was established for impacted individuals to address inquiries, operational Monday through Friday from 6:00 a.m. to 8:00 p.m. PST and weekends from 8:00 a.m. to 5:00 p.m. PST. The response included comprehensive reviews of security policies and systems to prevent future incidents.
