16,000 Washington Workers Data Exposed Following a Ransomware Attack


In a ransomware attack on a Renton market research company's data system, confidential information of over 16,000 employees might have been compromised. 

The Washington State Labor & Industries Department said the current cyber attempt could have revealed information of thousands of workers in Washington.

According to Pacific Market Research, L&I, one of its contractors, was affected by a ransomware attack on 22 May, that encrypted information saved on some of its servers. These statistics comprised information about contacts, claims, and birth dates of some 16,466 workers who submitted compensation claims for workers in 2019. 

L&I reports that the data were provided to Pacific Market Research to help perform a customer support survey. There were no medical, social security, banking, or credit card numbers included in the information. 

On 4th June, PMR alerted L&I and, according to L&I Spokesman Rich Roesler, the department received further information on 9th June. However, it is said that only on Thursday – almost a month after the very first notification – have the affected people and their employers begun to be informed of the violation. 

“It took the company some time to assess the scope of the incident and determine which documents were potentially at risk,” Roesler said. “Once notified, we worked as quickly as possible to arrange for the notifications and set up a call center to respond to detailed questions.” 

L&I asserts that their computer systems were not compromised in the attack. According to Managing Director Andrew Rosenkranz, PMR has hired an independent cybersecurity firm to examine the situation. 

The cybersecurity company has carried out its independent survey and found no indication of accessing or removing files from the network on the Pacific Market Research network. The PMR states that all confidential customer products are typically encrypted but the L&I file has not been encrypted as noted by the investigation of the cybersecurity company. 

“Once this unencrypted file was identified, L&I was immediately notified of the incident,” Rosenkranz wrote. “After accessing the list to conduct the survey, we did not re-encrypt it. That was wholly our error and one for which we accept full responsibility.” 

L&I and PMR notify the personnel concerned, through the mail, with the release providing free 12-month credit surveillance. PMR says it pays for notification fees and credit surveillance. 

Roesler stated L&I was not involved in PMR's ransomware response. He noted that the department is aimed at informing the employees involved. 

“We also plan to put our customer experience surveys on hold so we can fully review how our data is protected and whether we can resume these sorts of surveys while keeping customer data safe,” Roesler said. 

According to Rosenkranz, PMR managed to recover its whole server via backup systems, and the event was reported to law enforcement agencies. 

“We know that malicious cyber-attacks like what we experienced are affecting businesses around the world and governments at all levels,” Rosenkranz wrote. “As a result of the incident, we’ve taken immediate action to harden our network, including implementing additional security measures.”