North Dakota

North Dakota-based 'Zola Inc,' a wedding planning site, suffered a data breach on May 21, 2022. Hackers accessed some of the company's customer accounts using easy-to-guess passwords and username combinations. This hacking technique, often referred to as 'credential stuffing,' exploits clients that use the same passwords and usernames on multiple sites so that they easily remember their 'login' details. Hackers may compromise one of the many sites frequented by the user and then use the stolen credentials to access the user's accounts on other sites. After hacking into some of Zola's user accounts, the hackers tried to make gift-card orders using funds in the accounts they had accessed. Zola provided its customers with written notice of this hacking incident on July 5, 2022. The company advised customers to avoid re-using passwords on different sites and recompensed fraudulent gift card orders. Zola encouraged customers with compromised accounts to change their passwords and monitor their banking account activity for suspicious activity, as the hackers may have viewed bank details saved in their accounts.

The health insurance corporation '90 Degree Benefits Inc' suffered a data breach on February 24, 2022. Hackers infiltrated its computer system and viewed customer files with confidential information. The company engaged digital forensic specialists who established that the data breach happened between February 24 and 27. That breach enabled the hackers to view the personal details of 312 North Dakota citizens. 90 Degree Benefits informed these affected customers about the data breach through written communication on June 9, 2022. The company has since engaged cybersecurity specialists to strengthen its security system. It also provided affected customers with free identity monitoring services for a stipulated period after the incident.

Forward Air Corporation, which offers surface transportation services, experienced a data breach between June 20 and June 26, 2020. A hacker infiltrated its computer system and used specific Forward Air email accounts during this period. Forward Air's personnel learned of this security breach on June 24, 2020. The organization immediately hired independent forensic investigators to stop the unauthorized activity and investigate the incident. The investigators tested the security of the company's email accounts and notified affected employees of the data breach. On November 11, 2020, Forward Air contacted affected individuals, including 8 North Dakota citizens, and informed them about the data breach. The company has stressed that the hacker did not obtain personal information like Social Security numbers, bank account information, or physical addresses during the data breach. Moreover, the hacker viewed various clients' email addresses and passwords during the security breach. The company has since engaged cybersecurity specialists to install additional safeguards in its network. It is also retraining its employees on how to safeguard their email accounts.

Between February 7 and May 20, 2020, the Catholic Foundation of Western North Dakota suffered a data breach. The institution uses a third-party service provider for fundraising purposes. This party, Blackbaud's Raiser's Edge Fundraising Software, suffered a ransomware attack in early 2020. Blackbaud discovered and stopped the attack around May 20, 2020. It immediately hired forensic experts to encrypt files and expel the hackers from their computer network. Moreover, the hackers had obtained a copy of Blackbaud's backup file containing the personal information of 1,236 clients from the Catholic Foundation of Western North Dakota. Blackbaud notified the Catholic Foundation of Western North Dakota and its members of this security breach on July 16, 2020. The hackers did not access the Social Security numbers or bank account data of the 1,236 clients. Moreover, the backup file the attackers removed contained the email addresses, phone numbers, birthdates, names, and donation amounts given by these clients to the Catholic Foundation of Western North Dakota. The Catholic Foundation of Western North Dakota sent notification letters to members affected by this data breach. It has also engaged cybersecurity experts to identify and fix vulnerabilities in its database to prevent hacking attempts from succeeding in the future.

The Dickey's Barbecue Pit franchise experienced a data breach between June 9, 2019, and November 24, 2020. A payment card security hack exposed the personal data of the franchise's clients in North Dakota. Independent investigators established that an unauthorized code was installed in Dickey's Barbecue Pit's database to disclose payment card information in 55 locations, including the restaurant's North Dakota franchises. The code used data from the magnetic strip of clients' payment cards processed through the restaurant's servers. The data obtained by the code may have included internal verification value, primary account number, card expiration date, and the cardholder's full name. Upon receiving reports of the incident on October 13, 2020, Dickey's Barbecue Pit engaged cybersecurity experts to stop the unauthorized activity. It also posted a notice on its website on November 20, alerting its clients across 55 locations, including North Dakota, about the data breach. the restaurant franchise has engaged independent cybersecurity experts to strengthen payment card security. It has also advised its customers to prevent fraud by appraising payment card statements for illegal activity.