Cyber Incident Victim: Minneapolis City Government Systems
Date:
May 2020
Location:
United States of America
Summary
A cyberattack disrupted Minneapolis city government systems, temporarily taking down public websites and services through a denial of service incident that overwhelmed servers. The city restored most affected systems within hours and expected full functionality shortly afterward, confirming no evidence of data compromise. This occurred amid widespread protests following a police-related death and heightened cybersecurity concerns during the pandemic, though officials did not attribute the attack to specific actors or link it directly to civil unrest. Proactive mitigation measures were activated to limit disruption, with ongoing monitoring implemented to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 28, 2020, Minneapolis experienced a cyberattack that temporarily disrupted city government systems during a period of widespread civil unrest following the police killing of George Floyd. The attack, identified as a denial-of-service (DoS) incident, overwhelmed servers with excessive traffic, forcing the shutdown of multiple public websites and internal systems. City officials detected the attack in the early hours of Thursday and initiated immediate response protocols. A municipal spokesperson confirmed that 95% of affected services were restored within hours of the initial disruption, with full restoration anticipated by the end of the same day. The city's IT department implemented pre-established mitigation measures to contain the attack's impact, though specific technical details about the attack volume or duration were not disclosed. No evidence indicated data theft or unauthorized access to sensitive information during the incident. Officials emphasized that while such attacks are common across municipal networks, Minneapolis maintained proactive monitoring systems to minimize operational disruptions.
The cyber incident coincided with escalating protests and riots across the city, where demonstrators clashed with police, looted businesses, and faced tear gas and rubber bullets following Floyd's death three days earlier. City resources were simultaneously strained by managing public safety emergencies and restoring digital services. The spokesperson explicitly declined to attribute the attack to any specific actor or link it to the ongoing civil unrest, maintaining a focus on technical recovery efforts. Broader context noted increased cybersecurity vulnerabilities among local governments during the COVID-19 pandemic, with referenced examples including ransomware attacks against New Orleans and Baltimore. Minneapolis officials reiterated their reliance on existing incident response plans rather than requesting external assistance, contrasting with wider trends of municipalities seeking federal cybersecurity funding during this period. Operational continuity remained the city's primary focus as it addressed parallel civic crises.