1. Home
  2. States
  3. North Dakota

North Dakota

Data breaches result from the infiltration of computer networks and subsequent access to confidential or sensitive data without its owners' authorization. Hackers cause data breaches when they break into computer systems or send phishing emails to unsuspecting employees. Misconfigured software can also cause accidental data exposure. North Dakota has experienced a sharp increase in data breaches over the past few years. North Dakota's chief information officer revealed that in 2022 alone, the state saw a 300% increase in attempted cyber attacks. That equates to 15 million attempted data breaches per month. The most common cyber crimes in North Dakota are ransomware attacks and personal identity data theft.

Identity Theft Statistics

Identity Theft
State Rank (Reports per 100K Population)
Identity Theft Reports
Fraud & Other
State Rank (Reports per 100K Population)
Total Fraud & Other Reports
Total Fraud Losses
Median Fraud Losses

Top Ten Report Categories

Imposter Scams
Identity Theft
Prizes, Sweepstakes and Lotteries
Online Shopping and Negative Reviews
Telephone and Mobile Services
Debt Collection
Banks and Lenders
Credit Bureaus, Iformation Furnishers and Report Users
Auto Related
Internet Services

Top Identity Theft Types

Credit Card Fraud
Other Identity Theft
Bank Fraud
Loan or Lease Fraud
Employment or Tax-Related Fraud
Phone or Utilities Fraud
Government Documents or Benefits Fraud

North Dakota's Recent Biggest Data Breaches


Zola Inc Data Breach

North Dakota-based 'Zola Inc,' a wedding planning site, suffered a data breach on May 21, 2022. Hackers accessed some of the company's customer accounts using easy-to-guess passwords and username combinations. This hacking technique, often referred to as 'credential stuffing,' exploits clients that use the same passwords and usernames on multiple sites so that they easily remember their 'login' details. Hackers may compromise one of the many sites frequented by the user and then use the stolen credentials to access the user's accounts on other sites. After hacking into some of Zola's user accounts, the hackers tried to make gift-card orders using funds in the accounts they had accessed. Zola provided its customers with written notice of this hacking incident on July 5, 2022. The company advised customers to avoid re-using passwords on different sites and recompensed fraudulent gift card orders. Zola encouraged customers with compromised accounts to change their passwords and monitor their banking account activity for suspicious activity, as the hackers may have viewed bank details saved in their accounts.


90 Degree Benefits Inc Data Breach

The health insurance corporation '90 Degree Benefits Inc' suffered a data breach on February 24, 2022. Hackers infiltrated its computer system and viewed customer files with confidential information. The company engaged digital forensic specialists who established that the data breach happened between February 24 and 27. That breach enabled the hackers to view the personal details of 312 North Dakota citizens. 90 Degree Benefits informed these affected customers about the data breach through written communication on June 9, 2022. The company has since engaged cybersecurity specialists to strengthen its security system. It also provided affected customers with free identity monitoring services for a stipulated period after the incident.


Data Breach at Forward Air Corporation

Forward Air Corporation, which offers surface transportation services, experienced a data breach between June 20 and June 26, 2020. A hacker infiltrated its computer system and used specific Forward Air email accounts during this period. Forward Air's personnel learned of this security breach on June 24, 2020. The organization immediately hired independent forensic investigators to stop the unauthorized activity and investigate the incident. The investigators tested the security of the company's email accounts and notified affected employees of the data breach. On November 11, 2020, Forward Air contacted affected individuals, including 8 North Dakota citizens, and informed them about the data breach. The company has stressed that the hacker did not obtain personal information like Social Security numbers, bank account information, or physical addresses during the data breach. Moreover, the hacker viewed various clients' email addresses and passwords during the security breach. The company has since engaged cybersecurity specialists to install additional safeguards in its network. It is also retraining its employees on how to safeguard their email accounts.


Data Breach involving The Catholic Foundation of Western North Dakota

Between February 7 and May 20, 2020, the Catholic Foundation of Western North Dakota suffered a data breach. The institution uses a third-party service provider for fundraising purposes. This party, Blackbaud's Raiser's Edge Fundraising Software, suffered a ransomware attack in early 2020. Blackbaud discovered and stopped the attack around May 20, 2020. It immediately hired forensic experts to encrypt files and expel the hackers from their computer network. Moreover, the hackers had obtained a copy of Blackbaud's backup file containing the personal information of 1,236 clients from the Catholic Foundation of Western North Dakota. Blackbaud notified the Catholic Foundation of Western North Dakota and its members of this security breach on July 16, 2020. The hackers did not access the Social Security numbers or bank account data of the 1,236 clients. Moreover, the backup file the attackers removed contained the email addresses, phone numbers, birthdates, names, and donation amounts given by these clients to the Catholic Foundation of Western North Dakota. The Catholic Foundation of Western North Dakota sent notification letters to members affected by this data breach. It has also engaged cybersecurity experts to identify and fix vulnerabilities in its database to prevent hacking attempts from succeeding in the future.


Data Breach involving Dickey's Barbecue Pit

The Dickey's Barbecue Pit franchise experienced a data breach between June 9, 2019, and November 24, 2020. A payment card security hack exposed the personal data of the franchise's clients in North Dakota. Independent investigators established that an unauthorized code was installed in Dickey's Barbecue Pit's database to disclose payment card information in 55 locations, including the restaurant's North Dakota franchises. The code used data from the magnetic strip of clients' payment cards processed through the restaurant's servers. The data obtained by the code may have included internal verification value, primary account number, card expiration date, and the cardholder's full name. Upon receiving reports of the incident on October 13, 2020, Dickey's Barbecue Pit engaged cybersecurity experts to stop the unauthorized activity. It also posted a notice on its website on November 20, alerting its clients across 55 locations, including North Dakota, about the data breach. the restaurant franchise has engaged independent cybersecurity experts to strengthen payment card security. It has also advised its customers to prevent fraud by appraising payment card statements for illegal activity.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach


Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.


Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.


Contain the Breach

Isolate the affected system to prevent further damage.


Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.


Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.


Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.


Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.


Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.


Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.


Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

North Dakota state regulations mandate that business organizations within North Dakota inform their clients of data breaches within 60 days of the incident. In North Dakota, personal information protected by data breach laws includes driver's license numbers, electronic or digitized signatures, Social Security numbers, health insurance data, debit and credit card account numbers, medical information, date of birth, email addresses, state ID numbers, and passwords. Cyber security attacks that must be reported include Denial of Service (DoS) attacks, malware incidents, the use of ransomware, and identity theft incidents that affect more than 250 persons. Business organizations may delay informing customers about data breaches if that action interferes with ongoing criminal investigations. Additionally, businesses are expected to notify affected clients about data breaches by written or electronic notice. Organizations may use substitute notices like statewide media or their website to inform clients of data breaches if using electronic or written notice exceeds $250,000. If an organization fails to follow these regulations in the event of a data breach, the North Dakota Attorney General may impose a penalty fine of $5,000.


  • N.D. Cent. Code § 51-30-01 establishes the regulations that organizations and business entrepreneurs in North Dakota must follow when they experience a data breach. This statute specifies what data is legally protected as personal information by North Dakota law. Based on this law, business entities in North Dakota may provide substitute breach notifications to customers or clients under specific circumstances. These circumstances include when the cost of issuing data breach notifications surpasses $250,000 or when the entity does not have adequate contact information to provide clients with standard notifications. Under this Statute, North Dakota's Attorney General may impose sanctions on business entities or entrepreneurs who do not adhere to these laws. These sanctions include a fine of $5,000 for every violation.