Cyber Incident Victim: Twin Falls County
Date:
Aug 2021
Location:
United States of America
Summary
A cyberattack involving malware caused significant network outages in Twin Falls County, disrupting normal operations across multiple departments and forcing the postponement of 275 court hearings. The incident, detected by sheriff’s office staff, led to limited operational capacity, with phone systems temporarily offline before partial restoration and email access maintained via internet hotspots. Private cybersecurity experts and county IT personnel are investigating the external malware source while implementing safeguards to protect personal data, though the risk to sensitive information remains unclear. The local court system restricted activities to emergency matters only, though public document review remained available at select locations. The FBI was notified through the county’s insurance provider, and full resolution timelines were undetermined at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Twin Falls County, Idaho, government experienced significant network disruptions beginning on the morning of Saturday, August 7, 2021, when Sheriff's Office employees first detected anomalies in internet and computer systems. Malware originating from an external source caused persistent outages that continued throughout the following week, severely limiting departmental operations. County phone systems temporarily failed but were restored, while email functionality continued through internet hotspot devices deployed in offices. Commissioner Jack Johnson confirmed the county's IT department collaborated with private cybersecurity experts to investigate the technical disruption's origin and implement protective measures for personal data in county records, though the malware's specific source remained undetermined as of the reporting date. The FBI was notified of the incident through the county's insurance provider as part of standard protocols.
The cyberattack forced the Fifth Judicial District's Administrative Judge Eric Wildman to issue an emergency order on Sunday, August 8, restricting court operations exclusively to urgent matters including in-custody arraignments, civil protection orders, and child protection proceedings. This judicial limitation resulted in the postponement of 275 scheduled hearings across Twin Falls County courts, though parties retained the ability to file and respond to legal documents during the disruption. Public access to court records remained available at limited terminals within the county judicial building. All non-emergency county services operated at reduced capacity, with residents advised to contact departments directly regarding available functionality. Johnson emphasized ongoing uncertainty about both the timeline for full system restoration and whether personal information stored in county systems had been compromised during the incident.