Cyber Incident Victim: NextLight

On October 9, 2020, Longmont Power and Communications' NextLight high-speed fiber optic broadband internet service experienced a cyberattack during Friday afternoon hours. The incident was identified as a distributed denial of service (DDoS) attack, which disrupted service for an unspecified number of customers. NextLight engineers immediately responded to mitigate the attack and restore normal operations. Longmont Power and Communications publicly acknowledged the event through a Facebook post on the same day, confirming both the cyberattack occurrence and their technical team's intervention. Service disruptions remained limited to a portion of the customer base rather than causing system-wide outages. The attack specifically targeted NextLight's network infrastructure, though technical specifics regarding attack vectors or traffic volumes were not disclosed publicly. No customer data breaches or unauthorized access incidents were reported in connection with the DDoS event.

Longmont Power and Communications spokesman Scott Rochat subsequently confirmed via email that the disruption stemmed exclusively from the DDoS attack, distinguishing it from other potential causes like hardware failures or maintenance activities. The utility's communications strategy relied on social media updates and direct email correspondence to inform stakeholders, avoiding detailed technical disclosures about mitigation methods. NextLight engineers successfully resolved the attack within hours of its detection, restoring full service without reported lingering effects. The incident marked a confirmed cybersecurity event affecting municipal broadband infrastructure but resulted in no reported financial losses, data compromises, or extended service interruptions beyond the initial attack period. Longmont Power and Communications did not attribute the attack to any specific actor or motive in their public statements.