Cyber Incident Victim: Amherst, Massachusetts

On the week prior to March 10, 2025, the town of Amherst, Massachusetts experienced a denial of service attack on its official website. A second denial of service attack occurred on Monday, March 10, 2025, as reported by Town Manager Paul Bockelman during the March 10 Town Council meeting. Bockelman stated that federal surveillance groups had alerted the town after discovering a message on the dark web that read, “We just took down Amherst Mass.” He noted that a similar attack had been observed against Lexington. According to Bockelman, the attack generated a volume of requests that caused the website to freeze for users, leading individuals to abandon attempts to access the site. The town’s IT department began monitoring the situation and working on measures to prevent further incidents.

Council Clerk Athena O’Keeffe reported that the denial of service attack prevented her from posting the agenda for the scheduled Tuesday Governance, Organization, and Legislation meeting, resulting in the cancellation of that meeting. She also described having to attempt multiple times to post the agenda for the Town Council meeting before the website would finally accept the submission. When asked by Councilor Mandi Jo Hanneke whether meeting information could be posted elsewhere if the website remained unavailable, O’Keeffe explained that state law requires agendas to be posted on the site registered with the Secretary of the Commonwealth, which is the town website. Despite the disruption, O’Keeffe expressed confidence that the denial of service attacks would not continue to occur. The IT department continued its efforts to strengthen the website’s resilience against similar traffic overloads.