Cyber Incident Victim: City of Medford
Date: Feb 2018
Location: United States of America
Summary
The City of Medford experienced a malware attack targeting its online utility billing service, potentially compromising the information of approximately 1,842 residents. The compromise occurred over two separate periods spanning several weeks and remained undetected until forensic investigators identified it months later; it was attributed to previously unseen malware that enabled a zero-day compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Medford experienced a cybersecurity incident involving its online utility billing service, which was compromised by previously unidentified malware. The breach occurred in two distinct periods: first from February 18 to March 14, 2018, and again from March 29 to April 16, 2018. Forensic investigators confirmed the intrusion on June 5, 2018, determining that the attackers had exploited a zero-day vulnerability using novel malware that evaded the detection mechanisms then in place. Because the malware had not been seen before, it allowed unauthorized access to the system for extended periods without triggering security alerts. The city's delayed discovery resulted from the attackers' use of this exploit, which the deployed security tools could not recognize during the active compromise periods.

The incident potentially exposed personal information of 1,842 Medford residents who used the municipal utility billing platform. City officials issued breach notifications to affected individuals on July 25, 2018, approximately seven weeks after forensic confirmation of the compromise. The malware specifically targeted the Click2Gov payment system used for processing utility payments, though investigators did not publicly confirm whether data exfiltration occurred. No details regarding specific data elements at risk were disclosed in the public notification. The city's response focused on informing impacted residents while forensic analysis continued to determine the full scope of attacker activities during the two intrusion windows.
