State and Local Government Cyberattacks Timeline
State and local governments face malicious actors who target personal information and key services, endangering both citizens and critical infrastructure. Ransomware alone affected over 100 governments in 2019, per Recorded Future. Increasing attack volumes plus lack of funding, skills and awareness necessitate stronger state and local government cybersecurity.
Explore this timeline for a sense of the evolving landscape, attack patterns and prevention best practices.
San Francisco 49ers hacked by ransomware group
Pottawatomie County pays more than $71,000 to end 13-day ransomware attack
Alaska Court System forced to go offline after cyber attack
Hackers attempt to poison water supply in Oldsmar, Florida
Phishing email results in personal information compromised in North Carolina County
A utility company in Jersey City pays $500,000 to regain access to “vital” data
The city of Lafayette, Colorado’s data held hostage for a $45,000 payout
A New England health care system suffered a week-long cyber attack, disrupting the use of electronic health records and websites
The city of Minneapolis fell victim to a hacktivist DDoS attack amid George Floyd protests
NetWalker ransomware disrupted a public health agency website during the coronavirus pandemic
Ryuk infected Durham city and county networks via phishing emails
Cyberattack impacted email accounts and server function for the City of Torrance
Officials shut down the St. Lucie County Sheriff’s Office’s computer network after a DoppelPaymer ransomware attack
A phishing attack successfully compromised city networks, resulting in 3,500 devices and 450 servers being taken offline
A ransomware attack on the city’s network left citizens unable to access public-facing systems
County officials issued a check for $710,000 after cybercriminals impersonating a vendor demanded payment
Unknown attackers breached city systems and interfered with operations, including internal and external email
A ransomware attack halted operations across three hospitals, which needed to manage existing patient data with pen and paper and send new patients to other facilities
A ransomware attack affected approximately half of the Tennessee municipality’s computer systems
In August 2019, the municipal computer system of Wilmer, Texas, was compromised by ransomware
A hacker demanded $2.5 million each from 22 local governments in a statewide ransomware attack
Hackers breached Los Angeles Police Department computers and stole data for 20,000 officers and applicants
A ransomware attack took the 16-school district offline for more than two weeks
A spear phishing campaign featuring a never-before-seen malware downloader targeted 10 people at an unnamed agency
After negotiations with ransomware attackers failed, the city rebuilt 158 affected systems from scratch
Cyberattackers unleashed Ryuk ransomware on computers at LaPorte County, leading officials to pay a $130,000 ransom
RobbinHood ransomware infected about 10,000 government computers, resulting in more than $18 million in recovery costs
An elaborate scam netted multiple login credentials and nearly 130,000 medical records
Cybercriminals targeted a third-party payment processor and redirected almost $500,000 in paychecks
A ransomware attack encrypted 800 computers, including police department endpoints
An employee for a third-party contractor fell for a phishing attack that exposed almost 15,000 patient records
A misconfigured server exposed three terabytes of personal information and system credentials dating back three decades
A former IT staff member stole 70,000 files from a database of background check information
Multiple phishing attacks breached the personal data of more than 500,000 students and staff members
A disruptive attack affected land operations at the Port of San Diego
Attackers took down the city’s entire municipal network, knocking some services offline for nearly six months
The city paid ransom after attackers temporarily shut down servers of the Leominster public school system and disabled email servers for weeks
SamSam ransomware shut down more than one-third of the city’s computer programs
SamSam ransomware encrypted files on more than 2,000 employee computers, forcing employees offline for two days
Personal data on 360,000 Pennsylvania teachers was briefly exposed to registered users of an administrative database
An insider attack on government systems resulted in the compromise of 2,300 employee records
An issue with data backups forced Montgomery County to pay ransom after ransomware encrypted nearly 70 terabytes of county files
A town employee transferred nearly $50,000 to scammers after receiving spoofed emails
A request for metadata from city email addresses resulted in the compromise of sensitive information
A ransomware attack resulted in a shutdown of the St. Louis Public Library’s computer systems, patron services and employee email communications
Threat actors compromised the nuclear plant’s business network and obtained information about the configuration of industrial control systems (ICSs)
A city employee emailed information about 3,716 municipal employees to an employee in a different municipality
The Horry County school district paid $10,000 in bitcoin after ransomware put public-facing servers at risk
Locky ransomware entered the network and encrypted files after an employee clicked an attachment in a phishing email
More than 191 million U.S. voter records were left exposed on a public internet server due to a configuration error
The Secretary of State office mistakenly distributed personally identifiable information (PII) on 6.1 million voters to politicians and the media
Lincoln County law enforcement agencies paid a $318 ransom after Megacode infected their records management system
A former employee sent personal health records of more than 90,000 patients to two of her personal email accounts
Malicious actors compromised a U.S. Postal Service VPN service and stole personally identifiable information (PII) of employees and customers
Attackers gained access to a health department containing more than 1.3 million client records
An employee stole 80 personal health records over a 13-month period, which were used for fraudulent credit card purchases
A court employee sent information on 3,600 potential jurors and defendants to her personal email address
Personal information was stolen from a fire department database containing data on 231 firefighters
CryptoLocker ransomware infected the police department computer system, resulting in one of the first ransom payouts by a municipality
A former hospital IT employee used a keylogger to break into fellow employees’ social media and email accounts
Threat actors gained access to the Bowman Dam control system and attempted to operate the sluice gate remotely with the intention to release water, resulting in $30,000 in remediation costs
A threat actor compromised multiple law enforcement agency networks and stole 14,000 payment card records
A phishing attack on state government systems compromised 44 systems and cost South Carolina more than $14 million
Hackers gained access to multiple public utilities and acquired engineering diagrams and remote access credentials; power generator equipment settings were altered in at least one instance
A failure to follow security procedures exposed 3.5 million people’s personal data on a public web server for 15 months
A network administrator refused to hand over administrative login credentials, resulting in a $900,000 remediation cost
A laptop stolen from a VA analyst’s house contained unencrypted information on 26.5 million people associated with Veterans Affairs