San Francisco 49ers hacked by ransomware group

Pottawatomie County pays more than $71,000 to end 13-day ransomware attack

Alaska Court System forced to go offline after cyber attack

Hackers attempt to poison water supply in Oldsmar, Florida

Phishing email results in personal information compromised in North Carolina County

A utility company in Jersey City pays $500,000 to regain access to “vital” data

The city of Lafayette, Colorado’s data held hostage for a $45,000 payout

A New England health care system suffered a week-long cyber attack, disrupting the use of electronic health records and websites

The city of Minneapolis fell victim to a hacktivist DDoS attack amid George Floyd protests

NetWalker ransomware disrupted a public health agency website during the coronavirus pandemic

Ryuk infected Durham city and county networks via phishing emails

Cyberattack impacted email accounts and server function for the City of Torrance

Officials shut down the St. Lucie County Sheriff’s Office’s computer network after a DoppelPaymer ransomware attack

A phishing attack successfully compromised city networks, resulting in 3,500 devices and 450 servers being taken offline

A ransomware attack on the city’s network left citizens unable to access public-facing systems

County officials issued a check for $710,000 after cybercriminals impersonating a vendor demanded payment

Unknown attackers breached city systems and interfered with operations, including internal and external email

A ransomware attack halted operations across three hospitals, which needed to manage existing patient data with pen and paper and send new patients to other facilities

A ransomware attack affected approximately half of the Tennessee municipality’s computer systems

In August 2019, the municipal computer system of Wilmer, Texas, was comprised by ransomware

A hacker demanded $2.5 million each from 22 local governments in a statewide ransomware attack

Hackers breached Los Angeles Police Department computers and stole data for 20,000 officers and applicants

A ransomware attack took the 16-school district offline for more than two weeks

A spear phishing campaign featuring a never-before-seen malware downloader targeted 10 people at an unnamed agency

After negotiations with ransomware attackers failed, the city rebuilt 158 affected systems from scratch

Cyberattackers unleashed Ryuk ransomware on computers at LaPorte County, leading officials to pay a $130,000 ransom

RobbinHood ransomware infected about 10,000 government computers, resulting in more than $18 million in recovery costs

An elaborate scam netted multiple login credentials and nearly 130,000 medical records

Cybercriminals targeted a third-party payment processor and redirected almost $500,000 in paychecks

A ransomware attack encrypted 800 computers, including police department endpoints

An employee for a third-party contractor fell for a phishing attack that exposed almost 15,000 patient records

A misconfigured server exposed three terabytes of personal information and system credentials dating back three decades

A former IT staff member stole 70,000 files from a database of background check information

Multiple phishing attacks breached the personal data of more than 500,000 students and staff members

A disruptive attack affected land operations at the Port of San Diego

Attackers took down the city’s entire municipal network, knocking some services offline for nearly six months

The city paid ransom after attackers temporarily shut down servers of the Leominster public school system and disabled email servers for weeks

SamSam ransomware shut down more than one-third of the city’s computer programs

SamSam ransomware encrypted files on more than 2,000 employee computers, forcing employees offline for two days

Personal data on 360,000 Pennsylvania teachers was briefly exposed to registered users of an administrative database

An insider attack on government systems resulted in the compromise of 2,300 employee records

An issue with data backups forced Montgomery County to pay ransom after ransomware encrypted nearly 70 terabytes of county files

A town employee transferred nearly $50,000 to scammers after receiving spoofed emails

A request for metadata from city email addresses resulted in the compromise of sensitive information

A ransomware attack resulted in a shutdown of the St. Louis Public Library’s computer systems, patron services and employee email communications

Threat actors compromised the nuclear plant’s business network and obtained information about the configuration of industrial control systems (ICSs)

A city employee emailed information about 3,716 municipal employees to an employee in a different municipality

The Horry County school district paid $10,000 in bitcoin after ransomware put public-facing servers at risk

Locky ransomware entered the network after an employee clicked an attachment in a phishing email and encrypted files

More than 191 million U.S. voter records were left exposed on a public internet server due to a configuration error

The Secretary of State office mistakenly distributed personally identifiable information (PII) on 6.1 million voters to politicians and the media

Lincoln County law enforcement agencies paid a $318 ransom after megacode infected its records management system

A former employee sent personal health records of more than 90,000 patients to two of her personal email accounts

Malicious actors compromised a U.S. Postal Service VPN service and stole personally identifiable information (PII) of employees and customers

Attackers gained access to a health department containing more than 1.3 million client records

An employee stole 80 personal health records over a 13-month period, which were used for fraudulent credit card purchases

A court employee sent information on 3,600 potential jurors and defendants to her personal email address

Personal information was stolen from a fire department database containing data on 231 firefighters

CryptoLocker ransomware infected the police department computer system, resulting in one of the first ransom payouts by a municipality

A former hospital IT employee used a keylogger to break into fellow employees’ social media and email accounts

Threat actors gained access to the Bowman Dam control system and attempted to operate the sluice gate remotely with the intention to release water, resulting in $30,000 in remediation costs

A threat actor compromised multiple law enforcement agency networks and stole 14,000 payment card records

A phishing attack on state government systems compromised 44 systems and cost South Carolina more than $14 million

Hackers gained access to multiple public utilities and acquired engineering diagrams and remote access credentials; power generator equipment settings were altered in at least one instance

A failure to follow security procedures exposed 3.5 million people’s personal data on a public web server for 15 months

A network administrator refused to hand over administrative login credentials, resulting in a $900,000 remediation cost

A laptop stolen from a VA analyst’s house contained unencrypted information on 26.5 million people associated with Veterans Affairs