A cyberattack has hit a company that handles unemployment claims and job placement for state governments, disrupting online services across the country.
The departments of labor and related agencies have been affected in at least nine states, as well as Washington, D.C.
The company, Geographic Solutions, based in Florida, said in an emailed statement that the outages were due to “anomalous activity on our network,” and that it was still investigating what happened. It did not answer questions about whether ransomware was behind the attack.
Its website did not load as of Thursday afternoon. An archived version of the site said that 35 states and territories use its products.
But those states and Washington all say that they’ve been informed by the company about the cyberattack and that it has caused problems with government services.
Tennesseans currently cannot receive unemployment benefits because of the outage, the state’s Department of Labor and Workforce Development announced Tuesday, keeping approximately 12,000 from being paid. Around 11,000 people who currently file continued claims through the state’s workforce commission aren’t receiving them, a spokesperson said.
In Nebraska, the outage means that some residents who receive unemployment payments through an online system, called NEworks, will only be paid “once the NEworks website is back online,” the state’s Department of Labor has announced. It’s unclear when that will be.
Some states are temporarily relaxing requirements for claimants to receive unemployment benefits. The Iowa Workforce Development, the Florida Department of Economic Opportunity and the California Employment Development Department have created workarounds that don’t require claimants to prove they’re searching for work in order to receive payments.
In Washington, the attack has rendered several local government functions inoperable, including the district’s paid family leave, which provides payments for city workers with a new child, a child on the way or a sick relative. Recipients are currently unable to file new claims, and about 750 families haven’t been paid for claims they filed last week, a spokesperson said.
Missouri’s Department of Higher Education & Workforce Development doesn’t use Geographic Solutions for unemployment payments, a spokesperson said, but it does for a state job matching service, which has been down since Monday.
It isn’t clear exactly what type of cyberattack hit Geographic Systems, but states’ descriptions of them strongly indicate it’s ransomware, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
“This attack has all of the hallmark signs of a ransomware attack,” he said.
“Generally, when an issue is technical, a company will communicate that quickly, whereas in cases of a cyberattack, especially, ransomware triage and communication generally take a lot longer,” he said.
It’s unclear when exactly the attack took place, but several states and Washington said Geographic Solutions told them about it Sunday evening. Ransomware hackers often time their attacks to happen over a weekend or a holiday, as fewer people are likely to be available to respond to it.
Ransomware attacks, in which criminal hackers encrypt a computer network or threaten to publish sensitive files they find unless the victim pays a bounty, remain a constant threat to American businesses and other organizations. Hackers who conduct such attacks received at least $14 billion in cryptocurrency payments last year, one study found.