Ransomware attack may have exposed information on over 16,000 workers
Ransomware attack may have exposed information on over 16,000 workers, state says
BY MARTÍN BILBAO
JULY 02, 2021 12:29 PM
Play VideoDuration 0:42Become cyber savvy...protect against phishing attacks
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication. Here's how you can protect yourself from a phishing attack. BY HOMELAND SECURITY SCIENCE & TECHNOLOGY
Sensitive information on over 16,000 workers may have been exposed in a ransomware attack on a Renton market research company’s data system.
Pacific Market Research (PMR) “recently notified” the Washington state Department of Labor and Industries, one of its clients, about the May 22 attack, according to a Thursday L&I news release.
An unauthorized party accessed PMR’s network and encrypted their servers during the attack, affecting an L&I file with sensitive information, according to the release.
TOP ARTICLES
Jury returns verdict in lawsuit of man run over by Tacoma officer while lying in street
Jury returns verdict in lawsuit of man run over by Tacoma officer while lying in street
“PMR’s system contained one document that listed contact information, claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey on behalf of L&I,” the release says.
PMR notified L&I on June 4 and the department received additional information on June 9, said L&I spokesperson Rich Roesler in an email statement. However, the release says affected workers and their employers only just started being notified of the breach on Thursday — nearly a month after the first notification.
“It took the company some time to assess the scope of the incident and determine which documents were potentially at risk,” Roesler said. “Once notified, we worked as quickly as possible to arrange for the notifications and set up a call center to respond to detailed questions.”
L&I says the attack did not involve their own computer systems. For its part, PMR engaged an independent cybersecurity firm to investigate the incident, according to a statement from managing director Andrew Rosenkranz.
“The cybersecurity firm completed its independent investigation and found no evidence that any files on the Pacific Market Research network were accessed or removed from the network,” Rosenkranz wrote.
PMR says they usually encrypt all confidential client data, but the cybersecurity firm’s investigation found the L&I file had not been encrypted.
“Once this unencrypted file was identified, L&I was immediately notified of the incident,” Rosenkranz wrote. “After accessing the list to conduct the survey, we did not re-encrypt it. That was wholly our error and one for which we accept full responsibility.”
Today’s top headlines
Sign up for the Afternoon Update and get the day’s biggest stories in your inbox.
Enter Email Address
SIGN UP
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Although PMR believes the unauthorized party did not access or take the L&I file, it cannot be totally certain, according to the release.
“The document did not contain medical information, social security numbers, bank or credit card information or other personal information,” Rosenkranz wrote.
L&I and PMR are notifying the affected workers by mail and offering 12 months of free credit monitoring, according to the release. PMR says it is paying for the costs of the notifications and credit monitoring.
The document also included L&I account numbers for 9,400 employers, per the release. Although this information is already public, L&I says they are notifying the workers’ employers by mail.
Roesler said L&I has not been involved in PMR’s response to the ransomware attack. He said the department is focused on notifying the affected workers.
“We also plan to put our customer experience surveys on hold so we can fully review how our data is protected and whether we can resume these sorts of surveys while keeping customer data safe,” Roesler said.
PMR managed to restore their entire file server through their backup systems, according to Rosenkranz, and the incident has been reported to law enforcement.
“We know that malicious cyber-attacks like what we experienced are affecting businesses around the world and governments at all levels,” Rosenkranz wrote. “As a result of the incident, we’ve taken immediate action to harden our network, including implementing additional security measures.”
BY MARTÍN BILBAO
JULY 02, 2021 12:29 PM
Play VideoDuration 0:42Become cyber savvy...protect against phishing attacks
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication. Here's how you can protect yourself from a phishing attack. BY HOMELAND SECURITY SCIENCE & TECHNOLOGY
Sensitive information on over 16,000 workers may have been exposed in a ransomware attack on a Renton market research company’s data system.
Pacific Market Research (PMR) “recently notified” the Washington state Department of Labor and Industries, one of its clients, about the May 22 attack, according to a Thursday L&I news release.
An unauthorized party accessed PMR’s network and encrypted their servers during the attack, affecting an L&I file with sensitive information, according to the release.
TOP ARTICLES
Jury returns verdict in lawsuit of man run over by Tacoma officer while lying in street
Jury returns verdict in lawsuit of man run over by Tacoma officer while lying in street
“PMR’s system contained one document that listed contact information, claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey on behalf of L&I,” the release says.
PMR notified L&I on June 4 and the department received additional information on June 9, said L&I spokesperson Rich Roesler in an email statement. However, the release says affected workers and their employers only just started being notified of the breach on Thursday — nearly a month after the first notification.
“It took the company some time to assess the scope of the incident and determine which documents were potentially at risk,” Roesler said. “Once notified, we worked as quickly as possible to arrange for the notifications and set up a call center to respond to detailed questions.”
L&I says the attack did not involve their own computer systems. For its part, PMR engaged an independent cybersecurity firm to investigate the incident, according to a statement from managing director Andrew Rosenkranz.
“The cybersecurity firm completed its independent investigation and found no evidence that any files on the Pacific Market Research network were accessed or removed from the network,” Rosenkranz wrote.
PMR says they usually encrypt all confidential client data, but the cybersecurity firm’s investigation found the L&I file had not been encrypted.
“Once this unencrypted file was identified, L&I was immediately notified of the incident,” Rosenkranz wrote. “After accessing the list to conduct the survey, we did not re-encrypt it. That was wholly our error and one for which we accept full responsibility.”
Today’s top headlines
Sign up for the Afternoon Update and get the day’s biggest stories in your inbox.
Enter Email Address
SIGN UP
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Although PMR believes the unauthorized party did not access or take the L&I file, it cannot be totally certain, according to the release.
“The document did not contain medical information, social security numbers, bank or credit card information or other personal information,” Rosenkranz wrote.
L&I and PMR are notifying the affected workers by mail and offering 12 months of free credit monitoring, according to the release. PMR says it is paying for the costs of the notifications and credit monitoring.
The document also included L&I account numbers for 9,400 employers, per the release. Although this information is already public, L&I says they are notifying the workers’ employers by mail.
Roesler said L&I has not been involved in PMR’s response to the ransomware attack. He said the department is focused on notifying the affected workers.
“We also plan to put our customer experience surveys on hold so we can fully review how our data is protected and whether we can resume these sorts of surveys while keeping customer data safe,” Roesler said.
PMR managed to restore their entire file server through their backup systems, according to Rosenkranz, and the incident has been reported to law enforcement.
“We know that malicious cyber-attacks like what we experienced are affecting businesses around the world and governments at all levels,” Rosenkranz wrote. “As a result of the incident, we’ve taken immediate action to harden our network, including implementing additional security measures.”
