
State and Local Government Cyberattacks Timeline

State and local governments face malicious actors who target personal information and key services, endangering both citizens and critical infrastructure. Ransomware alone affected over 100 governments in 2019, per Recorded Future. Increasing attack volumes plus lack of funding, skills and awareness necessitate stronger state and local government cybersecurity.

Explore this timeline for a sense of the evolving landscape, attack patterns and prevention best practices.

February
– Santa Clara, California

San Francisco 49ers hacked by ransomware group

September
– Westmoreland, Kansas

Pottawatomie County pays more than $71,000 to end 13-day ransomware attack

April
– Juneau, Alaska

Alaska Court System forced to go offline after cyber attack

February
– Oldsmar, Florida

Hackers attempt to poison water supply in Oldsmar, Florida

October
– Chatham County, North Carolina

Phishing email results in personal information compromised in North Carolina County

September
– Jersey City, New Jersey

A utility company in Jersey City pays $500,000 to regain access to “vital” data

July
– Lafayette, Colorado

The city of Lafayette, Colorado’s data held hostage for a $45,000 payout

June
– Providence, Rhode Island

A New England health care system suffered a week-long cyber attack, disrupting the use of electronic health records and websites

May
– Minneapolis, Minnesota

The city of Minneapolis fell victim to a hacktivist DDoS attack amid George Floyd protests

March
– Champaign-Urbana, Illinois

NetWalker ransomware disrupted a public health agency website during the coronavirus pandemic

– Durham, North Carolina

Ryuk infected Durham city and county networks via phishing emails

– Torrance, California

Cyberattack impacted email accounts and server function for the City of Torrance

December
– St. Lucie, Florida

Officials shut down the St. Lucie County Sheriff’s Office’s computer network after a DoppelPaymer ransomware attack

– New Orleans, Louisiana

A phishing attack successfully compromised city networks, resulting in 3,500 devices and 450 servers being taken offline

– Pensacola, Florida

A ransomware attack on the city’s network left citizens unable to access public-facing systems

October
– Nassau County, New York

County officials issued a check for $710,000 after cybercriminals impersonating a vendor demanded payment

– San Marcos, California

Unknown attackers breached city systems and interfered with operations, including internal and external email

– Tuscaloosa, Alabama

A ransomware attack halted operations across three hospitals, which needed to manage existing patient data with pen and paper and send new patients to other facilities

– Johnson City, Tennessee

A ransomware attack affected approximately half of the Tennessee municipality’s computer systems

August
– Wilmer, Texas

In August 2019, the municipal computer system of Wilmer, Texas, was compromised by ransomware

– 22 cities, Texas

A hacker demanded $2.5 million each from 22 local governments in a statewide ransomware attack

July
– Los Angeles, California

Hackers breached Los Angeles Police Department computers and stole data for 20,000 officers and applicants

– Moses Lake, Washington

A ransomware attack took the 16-school district offline for more than two weeks

– Unnamed Government Agency

A spear phishing campaign featuring a never-before-seen malware downloader targeted 10 people at an unnamed agency

– New Bedford, Massachusetts

After negotiations with ransomware attackers failed, the city rebuilt 158 affected systems from scratch

– La Porte County, Indiana

Cyberattackers unleashed Ryuk ransomware on computers at LaPorte County, leading officials to pay a $130,000 ransom

May
– Baltimore, Maryland

RobbinHood ransomware infected about 10,000 government computers, resulting in more than $18 million in recovery costs

– Kalispell, Montana

An elaborate scam netted multiple login credentials and nearly 130,000 medical records

April
– Tallahassee, Florida

Cybercriminals targeted a third-party payment processor and redirected almost $500,000 in paychecks

– Greenville, North Carolina

A ransomware attack encrypted 800 computers, including police department endpoints

March
– Los Angeles, California

An employee for a third-party contractor fell for a phishing attack that exposed almost 15,000 patient records

December
– Oklahoma City, Oklahoma

A misconfigured server exposed three terabytes of personal information and system credentials dating back three decades

November
– Chicago, Illinois

A former IT staff member stole 70,000 files from a database of background check information

October
– San Diego, California

Multiple phishing attacks breached the personal data of more than 500,000 students and staff members

September
– Port of San Diego, California

A disruptive attack affected land operations at the Port of San Diego

July
– Valdez, Alaska

Attackers took down the city’s entire municipal network, knocking some services offline for nearly six months

April
– Leominster, Massachusetts

The city paid ransom after attackers temporarily shut down servers of the Leominster public school system and disabled email servers for weeks

March
– Atlanta, Georgia

SamSam ransomware shut down more than one-third of the city’s computer programs

February
– Colorado

SamSam ransomware encrypted files on more than 2,000 employee computers, forcing employees offline for two days

– Pennsylvania

Personal data on 360,000 Pennsylvania teachers was briefly exposed to registered users of an administrative database

December
– Sacramento, California

An insider attack on government systems resulted in the compromise of 2,300 employee records

September
– Montgomery County, Alabama

An issue with data backups forced Montgomery County to pay ransom after ransomware encrypted nearly 70 terabytes of county files

August
– Yarrow Point, Washington

A town employee transferred nearly $50,000 to scammers after receiving spoofed emails

April
– Seattle, Washington

A request for metadata from city email addresses resulted in the compromise of sensitive information

January
– St. Louis Public Library, Missouri

A ransomware attack resulted in a shutdown of the St. Louis Public Library’s computer systems, patron services and employee email communications

Undisclosed
– Wolf Creek Nuclear Plant, Kansas

Threat actors compromised the nuclear plant’s business network and obtained information about the configuration of industrial control systems (ICSs)

June
– Calgary, Alberta, Canada

A city employee emailed information about 3,716 municipal employees to an employee in a different municipality

February
– Spartanburg, South Carolina

The Horry County school district paid $10,000 in bitcoin after ransomware put public-facing servers at risk

– Sarasota City Hall, Florida

Locky ransomware entered the network after an employee clicked an attachment in a phishing email and encrypted files

December
– USA

More than 191 million U.S. voter records were left exposed on a public internet server due to a configuration error

October
– Georgia

The Secretary of State office mistakenly distributed personally identifiable information (PII) on 6.1 million voters to politicians and the media

April
– Wiscasset, Maine

Lincoln County law enforcement agencies paid a $318 ransom after megacode infected their records management system

February
– New York, New York

A former employee sent personal health records of more than 90,000 patients to two of her personal email accounts

November
– Washington, D.C.

Malicious actors compromised a U.S. Postal Service VPN service and stole personally identifiable information (PII) of employees and customers

May
– Montana

Attackers gained access to a health department containing more than 1.3 million client records

January
– New York, New York

An employee stole 80 personal health records over a 13-month period, which were used for fraudulent credit card purchases

December
– Sumner, Washington

A court employee sent information on 3,600 potential jurors and defendants to her personal email address

– Bellevue, Washington

Personal information was stolen from a fire department database containing data on 231 firefighters

November
– Swansea, Massachusetts

CryptoLocker ransomware infected the police department computer system, resulting in one of the first ransom payouts by a municipality

Undisclosed
– New York City

A former hospital IT employee used a keylogger to break into fellow employees’ social media and email accounts

– Rye Brook, New York

Threat actors gained access to the Bowman Dam control system and attempted to operate the sluice gate remotely with the intention to release water, resulting in $30,000 in remediation costs

September
– Massachusetts

A threat actor compromised multiple law enforcement agency networks and stole 14,000 payment card records

August
– South Carolina

A phishing attack on state government systems compromised 44 systems and cost South Carolina more than $14 million

Undisclosed
– USA

Hackers gained access to multiple public utilities and acquired engineering diagrams and remote access credentials; power generator equipment settings were altered in at least one instance

March
– Austin, Texas

A failure to follow security procedures exposed 3.5 million people’s personal data on a public web server for 15 months

July
– San Francisco, California

A network administrator refused to hand over administrative login credentials, resulting in a $900,000 remediation cost

May
– Montgomery County, Maryland

A laptop stolen from a VA analyst’s house contained unencrypted information on 26.5 million people associated with Veterans Affairs
