In an increasingly digital world, cyberattacks don’t exclusively target large corporations and governments anymore — even labor unions aren’t safe.
The everyday person’s sensitive financial data and private member information are now compromised, urging labor coalitions to take proactive measures to protect themselves. Here’s a look at why these alliances are being targeted and what they can do to strengthen their cybersecurity.
Why Are Labor Unions a Target for Cyberattacks?
Chief information security officers (CISO) reported that three in four companies were at risk of a cyberattack in 2023. Unfortunately, the threats are extending to trade unions within these businesses because of the sensitive nature of the information they store.
Labor unions protect workers’ rights and interests, usually formed if companies treat employees poorly and do not provide safe working conditions. But what makes them valuable prey for cybercriminals?
1. High-Value Financial Assets at Risk
Member dues, pension funds and health care payments are just a few of the significant financial transactions that unions manage. Hackers target these assets through fraudulent wire transfers, payroll redirection schemes and unauthorized access to bank accounts, potentially draining millions from union reserves.
2. Exposure of Member Identities and Financial Data
Unions store highly sensitive information, including members’ Social Security numbers, direct deposit details and health care records. Association members may suffer long-term financial and personal harm if this data is compromised and utilized for identity theft or tax fraud or sold on the dark web.
3. Cyber Sabotage in Collective Bargaining Negotiations
During labor disputes, cybercriminals — or even opposing parties — may attempt to hack union databases, leak confidential strategy documents or disrupt digital communications. This can erode worker unity, undermine the group’s bargaining power and breed mistrust among members.
4. Limited Cybersecurity Infrastructure
Many trade coalitions have fewer resources and less IT support than giant businesses and government organizations. Because of this, they are frequently the subject of cyberattacks, such as ransomware assaults that lock down important data or phishing emails that fool employees into divulging login passwords. In addition, social engineering schemes coerce officials into sending money or sharing personal information.
Recent Cyberattacks on Labor Unions
Cyberattacks on unions are becoming more frequent and costly. In California, the Service Employees International Union (SEIU) Local 1000 — one of the state’s largest labor associations — suffered a cyberattack that disrupted its network. The LockBit ransomware group claimed the attack, allegedly stealing 308GB of sensitive data, including salary records, financial documents and Social Security numbers. This breach jeopardized employees’ personal information and raised concerns about potential financial fraud and identity theft.
Meanwhile, a cyberattack on the health fund of Pipefitters Local 537 in Boston resulted in a staggering $6.4 million financial loss. Unlike traditional breaches where hackers steal personal data, this attack was classified as a social engineering scam, manipulating employees into transferring funds to fraudulent accounts. While the organization reassured members that their benefits remained unaffected, it took swift action by hiring forensic investigators, enhancing cybersecurity training and updating its financial security protocols.
Outside of the U.S., two major U.K. trade groups, the Communications Workers Union (CWU) and Aslef, fell victim to cyberattacks within the same month.
The CWU, representing 185,000 workers in tech, telecom and finance, faced a ransomware attack that disrupted its IT systems and led to fears of stolen member data. Concurrently, Aslef, a union representing train drivers, experienced a phishing attempt targeting its website and member information. While no ransom demand was reported for Aslef, the CWU refused to pay the hackers and worked with cybersecurity experts to restore its systems.
These cases highlight the growing threats facing labor groups and the urgent need for stronger cybersecurity measures.
How Can Labor Unions Strengthen Their Cybersecurity?
As of 2024, the average incident response cost for a ransomware attack is around $4.54 million, more than the average data breach cost, which is $4.35 million. Unions must take cybersecurity seriously and implement proactive measures to protect their members and finances.
1. Promote Employee Training and Awareness
Many attacks occur due to human error. A significant 74% of incidents involve employees. Conducting cybersecurity training can help members and staff recognize phishing emails, avoid clicking on suspicious links and protect sensitive data.
2. Develop Stronger Password Policies
A weak password causes 30% of data breaches in internet users. Enforcing complex, unique passwords and enabling multifactor authentication (MFA) can prevent unauthorized access to union systems.
3. Secure Communication Channels
Encrypted email services, secure messaging platforms, and VPNs ensure that sensitive discussions and negotiations remain private.
4. Conduct Regular Security Audits
Conducting frequent audits can help identify and address vulnerabilities before hackers exploit them.
5. Encrypt and Backup Data
Encrypting sensitive data protects it from unauthorized access, while regular backups help organizations recover lost information in the event of an attack.
6. Implement Firewalls and Antivirus Protection
Investing in strong firewall defenses and up-to-date antivirus software can block malware and ransomware threats.
7. Devise an Incident Response Plan
Having a well-documented plan in place allows unions to respond quickly and effectively to a cyberattack, minimizing damage and ensuring a faster recovery.
Safeguarding Workers’ Rights Through Stronger Security
As cybercriminals’ tactics evolve, labor unions must recognize the urgent need for stronger cybersecurity. Implementing security best practices, educating members and taking proactive steps to protect sensitive data helps trade organizations reduce their risk of becoming the next headline of a cyberattack. With the right measures, unions can safeguard their members, finances and collective bargaining power in the digital age.
As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.
.
.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information. BSM is cited as one of Feedspot’s top 10 cybersecurity magazines.