Arlington County Government Employees Pay the Price for Payroll System Phishing Scam

Exploit: Phishing attack
Arlington County: County in the Commonwealth of Virginia

Risk to Small Business: 1.555 = Severe Risk: A phishing scam gave hackers access to the county’s payroll systems that contained copious amounts of personal data. Upon discovering the breach, officials worked to identity the scope and severity of the incident, concluding that this preventable breach will have serious implications for their employees. In this case, the agency’s preventative measures will prove to be too little too late, and their own employees will pay the price for inaction.

Individual Risk: 2.285 = Severe Risk: An investigation by two government agencies concluded that only employee data was compromised in the breach. Because hackers gained access to payroll systems, this information could include employee’s most sensitive information, including their names, addresses, Social Security numbers, and bank account information. Consequently, anyone impacted by the breach should immediately acquire credit and identity monitoring services to ensure their information’s long-term security.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  In the wake of this attack, Arlington County is taking several steps to protect their infrastructure in the future, including updating their network’s ability to identify a phishing email before it reaches an employee’s inbox and providing training to employees to identity and delete phishing emails before they compromise the network’s integrity. These measures can significantly reduce the risk of a phishing scam, and every organization should implement these protocols as a precaution against not a response to a phishing scam.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.