Cyber-attack on state server may impact WSI information

June 2015

July, 2015

Workforce Safety & Insurance (WSI) mailed letters to employers and employees, whose address was known, about the breach.

June 26, 2015

Workforce Safety & Insurance (WSI) has contracted with AllClear ID Inc. to provide identity repair services to individuals who may have been affected by the cyber-attack on a State of North Dakota Information Technology Department server announced on June 12th, 2015.

WSI contracted with All Clear ID, a nationally-recognized company that specializes in identity protection services. AllClear ID will provide credit repair services, free of charge, to any affected individuals. AllClear ID is available to answer any questions regarding the security breach, toll-free at 1-855-861-4022. The number is available for calls from 8:00 a.m. until 8:00 p.m. CDT Monday through Saturday.

June 19, 2015

WSI has secured AllClear, a nationally recognized company that specializes in identity protection services, to provide credit repair services, free of charge to all affected individuals. A call center will be established and 800 number available by Friday, June 26th.

The team at AllClear ID will be available if you need help protecting your identity. If a problem arises, simply call AllClear ID and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper condition. AllClear ID maintains an A+ rating at the Better Business Bureau.

June 12, 2015

If you have any questions please contact WSI customer service at (701) 328-3800 - Toll-Free: 1-800-777-5033

The North Dakota Information Technology Department (ITD) informed Workforce Safety & Insurance (WSI) that a security breach occurred on an ITD hosted server.

After ITD noted unusual activity on a server, the compromised server was secured and the data was locked down. ITD contacted their federal partner, the Multi-State Information Sharing and Analysis Center, who works in conjunction with the Department of Homeland Security, to perform additional testing on the server. ITD notified WSI of the security breach on June 10th. Within hours of notification, WSI reviewed the server contents and determined that personally identifiable information was stored on the compromised server.

As of now, there is no evidence that the cyber attacker moved any of this data off the server or duplicated any of this personal information.

No injured worker claim file information was contained on the compromised server. Only the information from online filed Incident Reports and Payroll Reports may be at risk.

The data at risk was information filed online to WSI by employers and workers from 2006 through 2013 involving approximately 43,000 Incident Reports and 13,000 Payroll Reports. The compromised server contained personal information of workers and employers such as social security numbers and other identifiable information.

ITD and WSI are working with a nationally recognized company that specializes in identity repair services. WSI will use all practical means to notify those affected by the incident. Additional details will be provided both online and to the media as they become available.

WSI will establish a call center with the identity repair service vendor. Affected individuals will be provided free identity repair services by the vendor for one year for those who call the vendor to request it.

For more information, visit www.WorkforceSafety.com/security . You can also find a link directly from the WSI homepage. The latest updates and FAQ’s will be posted on the WSI website as well.

Frequently Asked Questions

Who should I contact if I have any questions concerning this security exposure?

Please contact the AllClear ID call center at 1-855-861-4022. WSI’s website will be updated with any new information we receive. 

What information was involved?

Approximately 43,000 Incident Reports and 13,000 Payroll Reports reported to WSI between 2006 and 2013 were potentially affected. Only Incident Reports and Payroll Reports filed online may be at risk.

These reports may include the following information on individuals: name, social security number, birth date, description of injury, description of incident, name of employer, and employer address. These reports do not include any medical information.

Who was responsible for the security of my information?

Workforce Safety & Insurance and the Information Technology Department are responsible for the security of the information. They take their responsibility very seriously and have multiple levels of security in place to protect your information. Just like in a home or business, even the best security systems are not a guarantee that criminals will be stopped. The North Dakota Highway Patrol, North Dakota Bureau of Criminal Investigation and the North Dakota State & Local Intelligence Center have been notified of this crime.

Was claim information exposed?

There is no indication there is any risk to claim file information. This information is located on other servers within the ITD system. Claim files include personal, medical, and wage information.

How is WSI responding?

ITD and WSI are working with AllClear ID, a nationally recognized company, that specializes in handling similar incidents. Through our partnership with this company, a call center has been setup and identity repair services will be provided to affected individuals.

WSI used all practical means to notify those affected by the incident.

Since 2013 the online processes were changed, which resulted in improved security.

Does this mean someone stole my personal information?

Currently, we know that the attackers had the potential to access personal information on the server; however, there is no evidence that any of the information was actually moved off the server or duplicated.

What is an Incident Report?

An Incident Report is a notice that an occurrence happened which could result in a claim. It contains an employee’s name, date of birth, and social security number. It also contains descriptions of the injury and incident as well as employer information. Not all reports are complete, meaning that the affected incident reports may not contain all this information. Only incident reports filed online were affected. 

What is a payroll report?

An annual report submitted by an employer records employee payroll information. Information included in this report includes: Federal Tax ID Number, payroll period, employer account number, owner(s)/officer(s) information, employee classification code, employee social security numbers, employee name and gross payroll.

Are your current online reporting services secured?

Since 2013 the online services were changed, which resulted in improved security.

WSI takes security of personal information seriously. As cyber threats are evolving and pervasive, WSI and ITD are continuously working to identify and mitigate threats when they occur.

How was this incident discovered?

On May 29th, ITD noted unusual activity on a web server. ITD immediately secured the server, and locked down the data. ITD also contacted their federal cyber security partner, the Multi-State Information Sharing and Analysis Center, who works in conjunction with the Department of Homeland Security, to assist in conducting forensics on the server. Forensics revealed evidence that the cyber attackers had compromised the server.

During the investigation, it was determined the nature of the compromise could pose a risk to the WSI data on the server and on June 10th ITD contacted WSI. Within hours of notification, WSI reviewed the server contents and determined that personally identifiable information was stored on the compromised server.

Is the exposed information still at risk of disclosure to an unauthorized person?

After ITD noted unusual activity on a server, the compromised server was secured and the data was locked down.

What can I do to protect myself?

We are offering identity repair services for the next 12 months at no cost to those who we know are affected by this incident. This will help you resolve any possible misuse of your personal information and provides you with superior identity repair services focused on immediate resolution of identity theft.

In addition, you can also review your credit reports to look for any unusual activity. To get your free report, go to https://www.annualcreditreport.com/. To track your credit throughout the year, you can request a free credit report from one of the three credit bureaus. You can also request a free initial fraud alert to be placed on your credit files by contacting any one of the three major credit bureaus: