Cyber Incident Victim: East Windsor Township
Date:
Feb 2022
Location:
United States of America
Summary
A New Jersey municipality experienced a cybersecurity breach where an unauthorized actor accessed municipal systems, leading to fraudulent emails being sent to residents from spoofed township addresses. Officials immediately took affected systems offline, launched an investigation, and implemented temporary operational workarounds to maintain services while restoring functionality. The incident disrupted normal workflows, causing delays in municipal operations. Residents were warned not to interact with suspicious emails appearing to originate from township accounts. Authorities are assessing whether personal data was compromised, though no evidence has been confirmed yet. The township notified multiple law enforcement and homeland security agencies, including the FBI and state police, regarding the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late February 2022, East Windsor Township, New Jersey, experienced a cybersecurity incident involving unauthorized access to municipal computer systems. Township officials detected suspicious activity affecting the municipal building’s computer infrastructure, prompting immediate action to isolate the compromised systems by taking them offline. An investigation was launched to determine the nature and scope of the breach, which disrupted standard operations for multiple municipal departments. The incident forced staff to implement temporary computer systems at alternate municipal locations to sustain critical services, though processing times for routine tasks increased due to the workaround. Township Manager Jim Brady confirmed the operational impact extended to delays in completing municipal functions but emphasized continuity of services through provisional measures.
The attacker leveraged system access to send fraudulent emails to residents, impersonating legitimate township email addresses to enhance credibility. Brady issued explicit warnings advising residents to scrutinize all communications appearing to originate from township accounts and to avoid interacting with attachments or links within suspicious emails. While officials confirmed the email spoofing campaign, they stated no evidence yet indicated compromise of resident personal data, though the ongoing investigation left open the possibility of future revisions to this assessment. East Windsor formally notified multiple state and federal agencies about the breach, including the New Jersey Office of Homeland Security and Preparedness, the New Jersey State Police, the U.S. Department of Homeland Security, and the FBI. Restoration efforts remained underway as of mid-March 2022, with township personnel prioritizing full system recovery while maintaining interim operational capabilities.