Cyber Incident Victim: Elgin County
Date: Apr 2022
Location: Canada
Summary
A ransomware attack attributed to the Russia-based Conti group disrupted Elgin County's website and email systems for several weeks, causing extended service outages that prevented external communications. The attackers purportedly posted county data on their leak site, though the listing was quickly removed, and it remains unclear whether personally identifiable information was exfiltrated during the incident. Services were eventually restored after the prolonged disruption, with officials advising constituents to resend any missed correspondence during the downtime.
Description
Elgin County experienced a significant cybersecurity incident beginning on April 1, 2022, which disrupted its website and external email services for nearly four weeks. The disruption rendered all inbound emails sent between April 1 and April 27 unreachable by county staff, forcing public communications onto alternative channels such as phone or in-person visits. On April 28, cybersecurity experts identified a post on the website of Conti, a Russia-based ransomware syndicate, claiming to possess Elgin County data. This development suggested the outage might have resulted from a ransomware attack, though the county had initially described it only as a "technical disruption." Conti's listing for Elgin County appeared briefly on Monday, April 25, but was removed by Tuesday morning, leaving it uncertain whether data was exfiltrated or modified, or whether any negotiations had taken place. The county did not publicly confirm any data theft or specify whether personal information was compromised during the incident.

County services were fully restored by April 27, 2022, ending the 26-day outage. A public notice on the county’s website advised residents to resend any emails originally transmitted during the disruption period, as those communications were irretrievably lost. The county provided direct contact options, including a phone number and physical address at 450 Sunset Drive in St. Thomas, to facilitate unresolved inquiries. No further technical details about the attack vector, containment measures, or forensic investigations were disclosed by the county. The incident’s operational impact was confined to email and web service unavailability, with no verified reports of leaked data or financial demands from Conti beyond the group’s unconfirmed claims. Elgin County’s restoration notice marked the conclusion of the disruption without elaborating on future safeguards or incident origins.
