Cyber Incident Victim: Derby Police Department

Date: Mar 2025

Location: United States of America

Summary

The Derby Police Department's computer systems may have been compromised by a third party, with city officials declining to share details about the incident. Officials added an executive session agenda item concerning a security matter related to the department's IT system, and the police chief reported trouble accessing data. Four independent sources indicated the incident appears to involve ransomware, where attackers seize control of data and demand payment for its restoration. The article notes that cyber attacks on police departments and local governments have been increasing, and that smaller agencies often lack resources for robust cybersecurity. It also includes a description of typical ransomware effects, such as lockout of records management systems and threats to delete files unless a ransom is paid.


Description

On March 11, 2025, during a tax board meeting, Derby Police Chief Scott Todd stated that the department was experiencing difficulty accessing its data. On March 13, 2025, the Derby Board of Aldermen and Alderwomen meeting agenda was amended to include a discussion item for an executive session concerning a security matter related to the police department’s information technology system, a wording suggested by Derby Corporation Counsel Richard Buturla. On March 17, 2025, The Valley Independent Sentinel contacted the police chief and the office of Mayor Joseph DiMartino for additional information, but officials declined to share specifics about the incident. The article published on March 1, 2025, noted that computer systems at the Derby Police Department may have been compromised by a third party.

Four independent sources told the newspaper that the incident appears to involve ransomware, in which an external party gains control of data access and demands payment for restoration. The Derby Police Department had previously suffered a ransomware attack in 2018, during which hackers took control of the email system, payroll records, and human resources documents and held the data hostage for more than twelve hours while demanding a ransom, as reported by WTNH at the time. In 2022, the Town of Plainfield and its police department experienced a similar ransomware incident that held their data hostage, also reported by WTNH. According to a 2024 StateScoop article cited in the report, malware attacks increased by 148 percent from 2023 to 2024 and ransomware attacks rose by 51 percent over the same period. A 2021 article by retired police officer Tim McMillan explained that smaller local governments and police departments are often vulnerable to such attacks because they frequently lack sufficient funding for cybersecurity measures and software updates.

McMillan’s description of a typical ransomware scenario notes that a police department may suddenly be locked out of its records management system, which contains personnel files, police reports, and investigative documents, after which attackers impose a deadline for payment or threaten permanent deletion of the data. The current incident has left the Derby Police Department unable to access certain data, as indicated by the chief’s comment, and has prompted officials to convene an executive session to discuss the security matter. As of the article’s publication, no further details about the attack’s scope, any ransom demand, or remedial actions had been disclosed to the public, and the article noted that it would be updated if the department releases additional information.
