Cyber Incident Victim: Wexford County

On or about November 5, 2024, Wexford County, Michigan, discovered it had experienced a cyber incident, prompting immediate network access termination to contain potential threats. The county engaged specialized third-party forensic and technical experts to assist in investigating the breach, though the specific attack vector and initial intrusion timeline remained undisclosed. No operational disruptions to county services or departments were explicitly reported in the initial announcement. The county emphasized its rapid response and commitment to resolving the incident through methodical analysis, acknowledging the investigation could extend for several weeks before reaching definitive conclusions. Wexford County did not initially confirm whether data exfiltration occurred or specify which systems or departments were targeted during the incident.

The county’s public statement prioritized transparency regarding potential personal information impacts, pledging direct notifications to affected individuals if compromised data was identified during the forensic review. No ransomware claims, threat actor attributions, or financial demands were disclosed in the initial advisory. Response efforts focused on containment via network isolation and evidence preservation through third-party expertise, with no mention of system restoration timelines or pre-incident security measures. The announcement included no references to law enforcement involvement or regulatory reporting obligations at that stage. Wexford County maintained standard operational hours and contact channels for public inquiries despite the network shutdown, redirecting informational updates to its primary website while the investigation proceeded.