Cyber Incident Victim: State of Missouri
Date:
Dec 2025
Location:
United States of America
Summary
A cyberattack targeting Missouri's employee self-service portal compromised 47 workers' savings accounts, prompting its temporary shutdown and subsequent implementation of multi-factor authentication. The incident occurred amid ongoing cybersecurity challenges for the state, including prior breaches affecting conservation systems and disruptions to driver licensing and food benefits services, while proposed legislation seeks to eliminate an inactive cybersecurity task force that had never been operational due to gubernatorial inaction.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 23, 2025, Missouri’s Office of Administration shut down the Employee Self-Service (ESS) Portal following the detection of suspicious activity involving unauthorized attempts to access state employee savings account information. The ESS Portal served approximately 54,000 state employees—including Missouri Highway Patrol troopers, social service workers, and legislative staff—allowing them to manage health savings accounts, retirement plans, deferred compensation accounts, and time-off requests. A third-party vendor alerted the administration to the breach, which specifically targeted deferred compensation accounts designed to let workers defer income until retirement. Officials confirmed that 47 employee accounts were compromised out of the statewide workforce, though fraud protection systems blocked all unauthorized financial transactions. The portal remained offline for maintenance through early January 2026, forcing employees to navigate separate login pages for each service instead of using the centralized system.
The administration restored the ESS Portal on January 5, 2026, implementing multi-factor authentication to enhance security. This incident occurred amid revelations that neither former Governor Mike Parson nor current Governor Mike Kehoe had appointed any members to the Missouri Cybersecurity Commission since its establishment in 2021. The commission was legally mandated to meet quarterly, identify cybersecurity best practices, assess statewide vulnerabilities, and submit annual threat reports to the governor. Senator Mary Elizabeth Coleman introduced legislation (Senate Bill 890) on January 15, 2026, to eliminate the inactive commission alongside other state boards, arguing it had never functioned. Critics like House Minority Leader Ashley Aune opposed the move, emphasizing the persistent threat of cyberattacks and the state’s repeated vulnerabilities, including a March 2024 hack of the Department of Conservation’s permit systems and a July 2024 CrowdStrike outage that disrupted driver’s license renewals and WIC food benefits. The ESS breach marked at least the third major cybersecurity incident affecting Missouri agencies in under two years.