People are being cut off from services like unemployment benefits and job-seeking programs as a result of a cyberattack on software company Geographic Solutions (GSI) that began almost a week ago, The Register reported.
The Louisiana Workforce Commission said in a statement this week that GSI had to shut down state labor exchanges and unemployment claims systems, potentially having an impact on up to 40 states and Washington, DC. GSI provides services to these states.
According to the company's LinkedIn page, GSI provides online services for state and local governments in more than 35 states and creates software for things like workforce development, labor market data, and unemployment insurance. The vendor also maintains websites for government organizations in states including Indiana, Florida, North Carolina, and California.
GSI President Paul Toomey said that the company is collaborating with third-party specialists to look into the cyber-incident and make sure it doesn't happen again. Toomey stated that the company planned to resume the services before the July 4 holiday. GSI allegedly informed agencies in a number of states about the issue on June 26, as per The Register.
Which States Are Affected?
Louisiana's unemployment claims and labor exchange services had to be taken down after GSI discovered an attempt at a malware attack. According to GSI, there was no data breach and the personal information of Louisiana Workforce Commission's HiRE users was not affected. This interruption has an effect on the state's almost 11,000 residents who are currently filing continuing unemployment claims.
CalJOBS' website went unavailable as a result of the GSI service stoppage, according to a notice from California's Employment Development Department.
In addition, the Jobs4TN website in Tennessee also went offline. According to the state's Department of Labor and Workforce Development, 12,000 Tennessee residents depend on the state's unemployment program and workforce development initiatives.
The GSI outage also had an effect on states from Texas to New Hampshire.
What Are Experts' Opinions About the Incident?
It's probable that the attack is being carried out by a nation state or threat actor that is supported by a state, according to Mike Parkin, senior technical engineer at Vulcan Cyber.
He continued by saying that a threat actor might easily stop operations with a distributed denial-of-service attack or destructive malware. However, a ransomware attack is more likely because of the profit motive, especially when sensitive information may be at stake.
The most crucial question, according to John Bambenek, principal threat hunter at cybersecurity company Netenrich, is what data is at risk for users of such websites and what precautions they should take. "Too often, we focus on the corporate parts of incident response but forget the impact to those whose private information is stolen."
The incident is the most recent in a growing pattern of software supply chain attacks, in which cybercriminals target one company with the intention of infecting its partners and clients later on, basically widening the malware's system vulnerabilities.