Cybersafetyconnections January 12th, 2026, vol #251 

  • From the Copilot desk, suspicious activity was detected on the Employee Self‑Service (ESS) portal, a system used by more than 50,000 Missouri state employees
  • Missouri state employees who rely on the ESS portal were impacted. 
  • The state has not disclosed the reason for the intrusion. 
  • No cybercriminal group has claimed responsibility for the attack. 
  • Here is how Missouri state mitigated loss from the cyberattack. 

 Source: Missouri Office of Administration 

 Government Technology 

1. What happened? 

Copilot 

  • Suspicious activity was detected on the Employee Self‑Service (ESS) portal, a system used by more than 50,000 Missouri state employees
  • Although only 47 accounts showed signs of unauthorized access attempts, the state shut down the entire portal to contain the threat and begin a full investigation. 
  • Fraud‑protection systems successfully blocked all unauthorized transactions, preventing financial loss. 

 Government Technology 

2. Who was impacted? 

510px-Missouri_regions_map.png (510×454) 

  • Missouri state employees who rely on the ESS portal to:  
  • Report time off 
  • Manage health savings accounts 
  • Access retirement information 
  • No confirmed financial losses occurred, but access to the portal remains disrupted. 

 Government Technology 

3. Why did it happen? 

Cyber attacks | Photos taken from the Norse Attack Map. The … | FlickrCyberattack Photos taken from 

  • The state has not yet disclosed the exact intrusion vector. 
  • Early indicators suggest targeted unauthorized access attempts against specific employee accounts. 
  • The rapid shutdown suggests the state prioritized containment over operational continuity. 

 Government Technology 

4. Who is responsible? 

Tag Dat breach.Techno Fact 

  • As of the latest reporting, no threat actor or group has been publicly attributed to the incident. 
  • The activity appears localized and targeted, not part of a widespread ransomware or nation‑state campaign. 

 Government Technology 

5. How is the state responding? 

Disaster Management and the role of ICTs · Global VoicesDiseaster Management 

Here is how the state responded to the cybersecurity incident: 

  • Full forensic investigation is underway. 
  • Portal was taken offline and remains offline until systems are validated as safe. 
  • Fraud‑protection systems prevented unauthorized access and have been strengthened to monitor additional anomalies. 

 Government Technology 

Subscribe to get the latest blog post.