A new ransomware attack that hit one of the contractors of L&I (Washington’s Department of Labor and Industries) may have led to the leakage of data on about 16,000 L&I employees. The threat actors targeted Pacific Market Research (PMR) on the 22nd of May and might have accessed a confidential L&I file, shared with PMR, that contained private employee information.

What Happened?

Pacific Market Research (PMR) is one of the contractors that the Washington state department works with, and its servers were affected by a ransomware attack. It took PMR some time to define the target and scope of the cyberattack in its investigation, so although the attack happened on the 22nd of May, L&I was notified on the 4th of June and then, on the 9th of June, received further information on the potential data leakage.

It was determined that the attack was a ransomware attack. An unauthorized party managed to get access to a private L&I document in the course of encrypting the PMR servers. However, it was later determined that the ransomware attack did not affect L&I's own computer systems.

What Data Might Have Been Leaked in the Ransomware Attack?

According to the News Tribune, the L&I file present on PMR servers might have contained sensitive data of more than 16,000 L&I employees, including:

16,466 employees’:

  • claim numbers
  • birth dates
  • contact information

9400 employers’ account numbers, but these were already public.

The document did not contain medical information, social security numbers, bank or credit card information, or other personal information.


What Is the Cause of the Ransomware Attack?

This new ransomware attack was possible because of a PMR security issue. PMR conducted a survey on behalf of L&I in which they used the compromised file, which contained data on workers who benefited from compensation claims back in 2019. The mistake was failing to re-encrypt the file after it was used for the survey, as Andrew Rosenkranz, the PMR managing director, declared. The cybersecurity company in charge of the investigation found that the cause was this file being left unencrypted. PMR also mentioned that they usually take measures to re-encrypt sensitive data after they have used it.

What Measures Were Implemented?

A cybersecurity company was in charge of the whole investigation of this ransomware attack.

Rosenkranz also declared that there is no evidence yet that the data was really stolen or accessed.

The cybersecurity firm completed its independent investigation and found no evidence that any files on the Pacific Market Research network were accessed or removed from the network.


L&I took measures as soon as they received the notification from PMR and began notifying the affected employees via e-mail starting on the 29th of June. Richard Roessler, an L&I spokesperson, also mentioned that they arranged call center support for questions and answers. In addition, employees receive 12 months of credit monitoring free of charge. L&I is also notifying by e-mail the 9400 employers whose data was present in the targeted file, even though their account numbers were already public.

PMR committed to covering the costs of the credit monitoring and of the notifications. In addition, the L&I contractor used backup systems to restore their entire file server. Law enforcement was also informed about the ransomware attack.
