Cyber Incident Victim: St. Clair County, Illinois
Date: May 2021
Location: United States of America
Summary
A ransomware attack attributed to the Grief group disrupted St. Clair County's computer systems, forcing the shutdown of its website and multiple critical services including court records access, ticket payment processing, and jail operations—reportedly delaying inmate releases and bond processing. The county secured systems, initiated an investigation with third-party cybersecurity experts, and notified law enforcement. While the main website was restored within days, some services remained impaired. The attackers claimed theft of sensitive data from the county and other entities, allegedly compromising internal documents along with personal and customer information.
Description
On or around May 28, 2021, St. Clair County, Illinois, experienced a cybersecurity incident that disrupted multiple critical county services. The county's Information Technology Director, Jeff Sandusky, confirmed the organization became aware of the incident on that date and immediately initiated measures to secure its computer systems. By June 2, the county disabled its public website (www.co.st-clair.il.us) as a precautionary measure while investigating the breach. The ransomware group Grief claimed responsibility for the attack, alleging it had stolen sensitive data from the county. Operational impacts began manifesting immediately after the incident was detected, with court record access, online ticket fee payment systems, and jail management networks rendered inoperable. These disruptions persisted for several days, significantly impeding routine county operations.

The jail's network failure prevented inmate releases and bond processing, as reported by an anonymous woman whose partner remained detained beyond his scheduled release date due to the system outage. County authorities engaged law enforcement and third-party cybersecurity specialists to investigate the attack's origin and scope while working to restore services. Partial recovery occurred by June 4 when the county website resumed operations, though some backend systems remained offline. Grief, identified as an emerging ransomware operation, listed St. Clair County among at least five entities it allegedly compromised, including Mobile County, Alabama, and HDHC Home Decor. The group claimed possession of internal documents along with personal and customer data, though the county did not publicly confirm the exact nature or extent of data exfiltration. Restoration efforts continued with no confirmed timeline for full system recovery at the time of reporting.
