Cyber Incident Victim: Dunedin City Council

On October 5, 2022, the City of Dunedin, Florida, announced the discovery of a cybersecurity incident affecting its network environment, first detected the prior day (Tuesday, October 4). The incident disrupted multiple municipal services, including city email systems, online payment portals for permits and utility billing, inspection scheduling platforms, and Parks & Recreation programs including Marina fee processing. Critical water and wastewater treatment infrastructure remained secure and fully operational throughout the incident, with no reported compromise of water safety controls or treatment processes. City telephone systems also continued functioning normally. Municipal authorities initiated an immediate investigation but did not disclose technical details regarding the attack vector, intrusion methods, or identity of threat actors. Service disruptions persisted at the time of the public announcement, with restoration timelines unspecified.

This marked the second cybersecurity incident affecting a Pinellas County municipality within a two-year period, following the February 2021 attack on Oldsmar's water treatment plant. In that prior incident, an unidentified intruder remotely accessed plant systems and temporarily manipulated sodium hydroxide levels before an operator reversed the unauthorized changes. A Florida Department of Law Enforcement investigation later characterized Oldsmar's security posture as "extremely lax," though no suspects were identified. Dunedin officials directed residents to municipal communication channels for updates, emphasizing operational continuity of essential water services while non-essential digital systems underwent forensic analysis and recovery procedures. No evidence suggested direct connection between the two geographically proximate incidents.