North Dakota's Workforce Safety & Insurance agency was struck by a cyberattack in June that involved personal data.
Evidence indicates the attacker gained access to personal information of 182 injured workers in a WSI employee's email account.
The employee had noticed unusual activity on the computer after opening an email attachment. WSI's help desk responded.
The computer was secured and removed from the state network. The state Information Technology Department and its Cyber Analysis and Response team recently finished a forensic analysis of the computer.
That analysis concluded that a "sophisticated phishing attack" was isolated to the one computer and didn't spread onto the state network.
But the analysis also found evidence the attacker gained access to the personal data through the email attachment containing malicious code.
People are also reading…
WSI notified people affected by the attack to provide information and offer identity theft protection services.
More information is at bit.ly/WSICyber.