Over the weekend, I caught up with an old friend. We were talking about how our summers went and she mentioned that her hometown, Arlington, Massachusetts, was hit by a cyberattack during the summer. The town of Arlington lost nearly a half-million dollars via wire fraud. 

Although, I shouldn’t have been surprised, given the numerous articles I’ve read about cyberattacks hitting cities and towns, and local governments. I was still shocked because Arlington is a nearby town. This sent me down a rabbit hole, investigating how many other towns and cities have been affected by cyberattacks in 2024 alone.

Over 108 municipalities have fallen victim to a cyberattack in 2024. Cyberattacks on towns and cities not only compromise their data and the data of their residents but also disrupt their systems, sometimes forcing them to shut down their websites and services. For example, in July, Columbus, Ohio, was hit by a ransomware attack that forced the city to shut down their network from the Internet, leading to the closure of city services, including City Hall. 

On the bright side, towns and cities, and local governments do not have to face this battle alone. The Department of Homeland Security (DHS) offers state and local cybersecurity grant programs to help implement robust security plans to safeguard against attacks targeting their cities and towns. The Cybersecurity Infrastructure Security Agency (CISA) also provides tips and resources for state, local, tribal, and territorial governments to protect against attacks. Additionally, Lisa N. Thompson, Chair of the New Hampshire Bar Association Intellectual Property Section, shared some additional tips on how local governments can mitigate potential threats and protect their data, as well as the data and privacy of their residents, and most importantly, their safety.

To learn more about how state and local governments can better protect themselves against cyberattacks and safeguard critical infrastructure, please visit our Library.

Now let’s take a look at what else made industry headlines this week.

Oct. 25: UnitedHealth Group (UHG) is suffering a massive data breach, affecting over 100 million American users.

Oct. 24: “An army of Chinese-controlled social media bots is attempting to influence voters in Alabama, Texas, and Tennessee,” Reuters reported.

Oct. 24: LinkedIn has been fined by the Irish Data Protection Commission for unlawful handle of user data, imposing three administrative fines of $335 million.

Oct. 23: It was discovered that threat actors are abusing Amazon S3, a simple storage service, to exfiltrate victim data as part of ransomware attacks.

Oct. 23: The US federal government said they will use the Traffic Light Protocol (TLP) to boost cyberthreat information sharing with the cybersecurity community and private sector.

Oct. 22: Google warns of a zero-day vulnerability has been discovered in Samsung’s mobile processors and being used in an exploit chain.

Oct. 22: A Buffalo, New York, resident was convicted of possession of 15 plus unauthorized access devices with intent to defraud. 

Oct. 21: Bleeping Computer reported, “WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push info-stealing malware.”

Oct. 21: Researchers can earn bug bounty reward under Google Cloud’s new Vulnerability Reward Program (VRP).