Cyber Incident Victim: City of Sheboygan
Date:
Nov 2024
Location:
United States of America
Summary
The City of Sheboygan experienced a cybersecurity incident involving unauthorized external access to its network, prompting isolation of affected systems and engagement with cybersecurity experts and law enforcement. A ransom demand was received, though no evidence of compromised sensitive personal information has been identified during the ongoing forensic investigation. The city maintained phone services for residents while continuing its security review and response coordination with authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around November 7, 2024, the City of Sheboygan, Wisconsin, detected anomalous network activity prompting an immediate operational response. Within three days of initial detection, municipal IT personnel confirmed unauthorized external access to city systems and engaged third-party cybersecurity experts to assist with containment and forensic analysis. The city proactively isolated affected network segments to prevent further intrusion spread while maintaining critical phone services for residents through its 920-459-4000 helpline. By November 10, investigators verified that threat actors had issued a ransom demand, though the specific amount, payment method, and attacker identity remained undisclosed. City officials concurrently notified federal law enforcement agencies and integrated their investigative guidance into the response protocol. Preliminary forensic examinations found no evidence of exfiltration or compromise of sensitive personal information belonging to residents, employees, or municipal partners.
The City of Sheboygan maintained continuous public updates through official communications channels, designating City Administrator’s Assistant Marie Foss (920-459-3287) and Communication Specialist Veronica Valdez (920-459-3317) as primary contacts for resident inquiries and media coordination respectively. Municipal services requiring network access experienced operational disruptions during the containment phase, though non-digital operations continued unimpaired. Cybersecurity teams completed network stabilization by November 10, enabling the initiation of a comprehensive forensic review to determine intrusion vectors, dwell time, and potential data exposure. No ransomware deployment or data destruction tactics were observed, with the incident primarily characterized as unauthorized access culminating in extortion attempts. The city reaffirmed its commitment to transparency, pledging future notifications should forensic evidence reveal compromised personal information. Law enforcement collaboration remained ongoing as of the latest public statement.