Cyber Incident Victim: Montclair Township
Date: Jun 2023
Location: United States of America
Summary
A cyber attack targeted the IT department of Montclair Township on the day of a primary election. The municipality's insurer negotiated a $450,000 settlement with the attackers to end the incident, which did not impact local voting systems. While some individual user data and vendor-related records remained unrecovered, the township has since enhanced its security measures in response to the event.
Description
On June 6, 2023, the Township of Montclair experienced a cyber attack targeting its IT department. The incident coincided with the date of the 2023 primary election. Mayor Sean Spiller publicly stated that the attack did not impact the safety and security of the local voting systems, ensuring the integrity of the election process was maintained despite the ongoing information technology disruption. The specific nature of the attack and the initial vectors of intrusion were not detailed in public reports, but the event was significant enough to require external intervention.

The Township's insurer, the Garden State Joint Insurance Fund, became involved in the incident response. As law enforcement agencies initiated investigations into the attack for potential criminal charges, the insurer entered into negotiations with the individuals responsible for the cyber incident. The objective of these negotiations was to secure a settlement that would end the ongoing attack and allow the township to regain control of its systems. Interim Town Manager Joseph Hartnett confirmed these details in a report to Montclair Local/Baristanet.
A settlement was successfully negotiated to terminate the cyber attack. The agreement involved a financial payment to the attackers. The total cost of this settlement was $450,000, which was paid to the threat actors behind the incident. This payment was facilitated by the Garden State Joint Insurance Fund on behalf of Montclair Township. The decision to pay the settlement was made as part of the effort to contain the incident and stop any further malicious activity against the town's digital infrastructure.
Following the settlement and the cessation of the active attack, recovery efforts commenced. The process of restoring systems and data was not immediate or complete at the time of the initial reporting. Some data belonging to individual users remained to be recovered. Additionally, data connected to outside vendors that provide services to the township, specifically related to the storage of past records, also required recovery efforts. The full scope of the data that was compromised or rendered inaccessible was not fully detailed, but it encompassed both internal user data and information managed by third-party service providers.
In the aftermath of the incident, the Township of Montclair undertook actions to enhance its cybersecurity posture. Interim Town Manager Joseph Hartnett stated that the town had beefed up its security measures as a direct response to the June 6th attack. The specific technical and administrative controls implemented were not enumerated in the available report, but the action indicates a recognition of the need to improve defenses against future potential cyber threats. This strengthening of security protocols was a key component of the organizational response following the containment and recovery phases of the incident.
The financial impact of the incident was directly quantified as the $450,000 settlement payment. This expenditure was made to end the attack and was handled through the township's insurance mechanism. The involvement of the Garden State Joint Insurance Fund was central to the financial resolution of the event, indicating that the township had a cyber insurance policy in place that covered such incidents. Beyond the direct payment, there were likely additional unquantified costs associated with the internal response effort, the investigation, and the ongoing data recovery processes, though these were not specified in the reported details.
The operational impact involved a disruption to the IT department's functions and the loss of access to certain data sets. The need to recover data for individual users and external vendors points to a period of reduced functionality and productivity as systems were restored. The reliance on outside vendors for the storage of records also highlights the interconnected nature of the township's data ecosystem and how an attack on primary systems can have a ripple effect on services provided by third parties. The full duration of the disruption and the complete timeline for full restoration of all services and data were not publicly disclosed.
The incident did not remain an internal matter: law enforcement opened investigations into the attack to explore possible criminal charges against the perpetrators. The public report did not specify which law enforcement agencies were involved or the status of their investigations. The pursuit of criminal charges indicates the serious nature of the incident and the township's desire to see the actors held accountable, separate from the financial settlement that was paid to stop the immediate attack.
Public communication regarding the incident was managed by town officials. Mayor Sean Spiller addressed the public to provide assurance about the election systems, which was a primary concern given the date of the attack. Interim Town Manager Joseph Hartnett served as the source for detailed information regarding the settlement negotiation and the ongoing recovery efforts. The reporting by Montclair Local/Baristanet served as the public's primary source of information on the financial terms of the settlement and the specific challenges in data recovery following the attack. The narrative of the event is defined by a cyber attack that was ultimately resolved through a financial transaction with the attackers, followed by a period of recovery and a commitment to improved security practices.
