Cyber Incident Victim: Town of Plainfield, CT
Date:
Mar 2022
Location:
United States of America
Summary
A ransomware attack targeted municipal systems in Plainfield, Connecticut, compromising town hall and police department computers, encrypting files, and restricting access to emails, reports, and resident data including names, addresses, and phone numbers. The breach disrupted police operations by limiting access to criminal histories, dispatch records, and vehicle registration statuses, while also reducing functional phone lines and disabling fingerprinting capabilities. Town services were forced to operate manually, halting online transactions, permit issuances, and some tax processing. Officials engaged local and federal law enforcement to investigate the intrusion and planned enhanced cybersecurity measures, including employee training and improved firewall protections. No financial data or school district systems were affected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The ransomware attack on Plainfield, Connecticut’s municipal systems occurred between late Friday, March 18, and early Saturday, March 19, 2022. Unidentified hackers infiltrated the town’s computer network, encrypting files and restricting access to critical data across Town Hall and the police department. First Selectman Kevin Cunningham publicly confirmed the incident on Monday, March 21, stating the attackers had walled off access to emails, reports, and resident information. Officials deliberately withheld specifics about the breach method or remediation tactics to avoid compromising recovery efforts. The compromised Town Hall systems contained basic resident data—names, addresses, and phone numbers—but no financial details like credit card numbers. Municipal operations reverted to paper-based processes, halting online services, permit issuance, and real-time tax delinquency checks. Building permits could not be generated due to disabled numbering systems, while clerks manually retrieved hard-copy records from vaults.
The police department experienced severe operational disruptions, described by Chief Mario Arriaga as a “complete system failure.” Dispatchers lost access to criminal histories, address risk assessments, and vehicle registration statuses, potentially delaying emergency responses. Only two of six phone lines remained functional, including one 911 line. Officers could not process fingerprints or use in-vehicle laptops, relying on neighboring departments for report completion. Town employees were instructed to keep computers powered off, and Protocol Networks—the town’s IT contractor—assisted with recovery alongside local and federal law enforcement. Nearby municipalities, including Norwich and Killingly, heightened their cyber defenses after the attack, with Norwich’s IT director offering support. Plainfield officials acknowledged insufficient employee cybersecurity training and planned future investments in firewalls, protocols, and mandatory staff education. No ransom payment status or attacker identity was disclosed.