Although suspicious activity on the Employee Self-Service portal was limited to just 47 accounts, the Missouri Office of Administration temporarily shut down the entire site last week to “contain the activity and conduct a thorough investigation,” officials told workers in an email last week.
“Our investigation has confirmed that this incident was highly localized,” the email noted. “Importantly, our fraud protection systems successfully identified the unauthorized activity and prevented any unauthorized transactions from occurring.”
The website allows state workers to report time off and manage their health savings accounts, retirement information and deferred compensation accounts.
At issue was an unauthorized attempt to access workers' deferred savings account information.
Deferred compensation plans allow employees to delay receiving part of their pay until a future date, usually retirement.
A notice on the portal says the site is undergoing maintenance. Workers still can access their information by clicking directly on the links to the information they are seeking. The difference is that employees must log in separately to each site they are visiting.
“While the scope of the incident is narrow, we are treating the security of the system with the utmost seriousness,” the email said.
The 47 affected users have been notified of the activity and received specific instructions on how to address the intrusion, the Office of Administration said.
For the remaining workers, the agency said it is working to restore the portal before the next pay date on Jan. 15. If the portal still is offline at that time, the office said it will activate an alternative method for employees to receive their pay stubs and W-2 tax information.
“We will provide specific instructions to all team members before the next pay date if these alternative steps become necessary,” the email notes.
The hack is the latest affecting state governments across the nation.
In August, Nevada officials discovered a ransomware attack that crippled some state operations. It took nearly a month to fully restore its services.
The incident later was tied to a state employee who mistakenly downloaded malicious software and cost at least $1.5 million to recover, according to an after-action report the state released in November.
Last March, the Missouri Department of Conservation reported a hack that shut down its system, which issues permits for hunting and fishing and manages nearly 1 million acres of public land.
In July 2024, Missourians seeking to renew driver licenses and access food benefits faced delays after a major disruption.
© 2026 the St. Louis Post-Dispatch. Visit www.stltoday.com. Distributed by Tribune Content Agency, LLC.
