Cyber Incident Victim: Anne Arundel County
Date: Feb 2025
Location: United States of America
Summary
Anne Arundel County experienced a cyber incident of external origin disrupting government IT services, prompting temporary closure of county buildings and limiting online systems. Officials took precautionary measures including restricted internet access while working with IT, cybersecurity specialists, and law enforcement to investigate and restore systems. While critical services like 911, 311, parks, and senior centers remained operational, some functions required manual workarounds; bill payments faced restrictions but accommodations were offered for late payments. The full scope and recovery timeline remained undetermined as restoration efforts prioritized essential services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Saturday morning, February 22, 2025, Anne Arundel County experienced a cyber incident of external origin impacting its government IT systems. County officials, including County Executive Steuart Pittman, acknowledged the attack prompted precautionary measures to ensure system safety. By Monday, February 24, the incident led to the closure of county government buildings due to the disruption of public services. Officials advised residents to contact departments before visiting, as services might be limited. While the full scope and specific nature of the attack were still being determined during the investigation, the county described it as impacting public services and necessitating system isolation. The county landfill and recycling centers were closed on Monday, though curbside trash and recycling services continued as scheduled. Department of Recreation and Parks venues, including regional parks, remained open. Anne Arundel County Public Schools and the county library system were not impacted by the cyberattack. Officials required emergency and essential employees to report for work despite the closures, while employees capable of telework were encouraged to do so due to potential internet connectivity issues.

County Executive Pittman confirmed officials were working diligently with the Anne Arundel County Office of Information Technology, public safety officials, cybersecurity specialists, and each department to investigate the incident and restore services. Precautionary measures included limiting access to the internet and some systems until full operations could resume. As of February 26, the county stated it had made some progress securing and restoring systems but could not share detailed information about the incident's scope, specific impacted departments, or attacker methods while the investigation continued and to avoid aiding potential threat actors. Manual processes were implemented for some services affected by missing technology components. Public-facing service impacts included the inability to accept credit card payments online or in person at cashier offices, though payments by check or cash were accepted at locations in Annapolis and Glen Burnie. Phone payments with fees were available. The Office of Finance offered accommodations for late water or tax bill payments resulting from disruptions. The Permit Center in Annapolis remained open, as did Senior Centers, Aging and Disabilities customer service centers, parks, and recreational centers. Critical 911 and 311 services operated normally throughout the incident. The county could not provide a timeline for full recovery from the cyberattack, focusing instead on restoring services in priority order.
