Cyber Incident Victim: City of Pensacola
Date:
Mar 2024
Location:
United States of America
Summary
The City of Pensacola experienced a potential cyberattack disrupting non-emergency phone systems and causing delays in its 311 citizen support system, while emergency services including police, fire departments, and 911 operations remained unaffected. Critical infrastructure such as the Port of Pensacola and Pensacola International Airport continued normal operations, though some city departments established alternate contact numbers due to phone outages. The incident, under active investigation, mirrors a prior ransomware attack that previously compromised municipal systems and data. City employees retained email access, and while scheduled public meetings proceeded, livestream capabilities were temporarily suspended. The extent of system impacts or potential data compromise remains unclear pending further review.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 6 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Pensacola experienced a potential cyberattack over the weekend of March 17, 2024, disrupting non-emergency city phone systems and network operations. City spokesman Jason Wheeler confirmed a "potential computer network security incident" that disabled municipal phone lines but left emergency services for police, fire departments, and 911 operations unaffected. Critical infrastructure including the Port of Pensacola and Pensacola International Airport continued normal operations. The incident followed a pattern similar to a 2019 ransomware attack that compromised city systems, though officials did not confirm whether the 2024 event involved ransomware. City Hall maintained scheduled operations for its March 18 council meeting but canceled the livestream, opting to record and post proceedings later. Affected departments established alternate phone contacts for essential services including Pensacola Energy, Sanitation Services, Development Services, Public Works, Engineering, and Housing. The 311 citizen support system experienced delays, while city employees retained email access throughout the disruption. Mayor D.C. Reeves declined comment due to the active investigation, and authorities had not disclosed specific compromised systems or data breaches as of the initial reports.
This incident echoed Pensacola's December 2019 cyberattack where hackers infiltrated systems, exfiltrated 2 GB of data, and posted it online. The city restored operations using backups without paying ransom but incurred over $300,000 in costs for cybersecurity consultants and identity theft protection for 57,000 potentially affected individuals. During the 2024 event, officials emphasized maintaining emergency response capabilities while working to resolve phone system outages. No threat actors claimed responsibility, and the city's press release described the situation as an "ongoing network security incident" without confirming its nature. The historical precedent of the 2019 attack informed public communications, with officials withholding technical details pending investigation. Service disruptions remained limited to non-emergency functions, reflecting continuity planning implemented after the prior incident.