Würkforce, Inc. suffered a data breach due to unauthorized access to employee email accounts between November 22, 2019, and February 12, 2020. The incident exposed sensitive personal and financial information of 527 Washington residents, including names, Social Security numbers, driver’s license numbers, and financial details. The breach was disclosed to the Washington State Office of the Attorney General on August 3, 2020. The compromise stemmed from a security lapse allowing attackers to infiltrate employee email accounts, potentially enabling identity theft, financial fraud, or further malicious exploitation of the stolen data. While the exact method of intrusion (e.g., phishing, credential stuffing) was not specified, the prolonged access period (nearly 3 months) heightened the risk of extensive data misuse. The breach primarily impacted employee-related data, though the exposure of Social Security and financial records elevated the severity due to the high sensitivity of the compromised information. No evidence suggested ransomware involvement, but the incident underscored vulnerabilities in email security protocols and the broader implications of third-party vendor risks in handling personally identifiable information (PII). The delayed public disclosure (over 6 months post-breach) further raised concerns about transparency and incident response timelines.
TPRM report: https://www.rankiteo.com/company/wurk
"id": "wur252091725",
"linkid": "wurk",
"type": "Breach",
"date": "11/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '527 (Washington residents)',
'location': 'Washington, USA',
'name': 'Würkforce, Inc.',
'type': 'Private Company'}],
'attack_vector': 'Unauthorized Access (Email Compromise)',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to email '
'accounts)',
'number_of_records_exposed': '527',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Driver’s License '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_publicly_disclosed': '2020-08-03',
'description': 'The Washington State Office of the Attorney General reported '
'that Würkforce, Inc. experienced a data breach resulting from '
'unauthorized access to employee email accounts between '
'November 22, 2019 and February 12, 2020. The breach affected '
'527 Washington residents, and the types of information '
'potentially compromised included names, Social Security '
'numbers, driver’s license numbers, and financial information.',
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
'Driver’s License Numbers',
'Financial Information'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (Financial information exposed)',
'systems_affected': ['Employee Email Accounts']},
'initial_access_broker': {'entry_point': 'Employee Email Accounts'},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Würkforce, Inc. Data Breach (2019-2020)',
'type': 'Data Breach'}