Cyber Incident Victim: City of Huber Heights
Date:
Nov 2023
Location:
United States of America
Summary
A ransomware attack disrupted multiple municipal operations in Huber Heights, impacting departments including zoning, engineering, tax, finance, utilities, human resources, and economic development, though public safety services remained operational. The incident prompted isolation of systems, forensic investigations, and collaboration with private cybersecurity firms and federal law enforcement agencies. Recovery efforts included migrating financial operations to secure cloud infrastructure, installing enhanced firewalls, restoring online payment capabilities, and gradually reactivating services like permitting and code enforcement. Residents experienced temporary limitations on digital transactions, with late fees and utility disconnections suspended during restoration. A state of emergency was declared to expedite response measures while evidence collection for criminal prosecution proceeded.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Huber Heights experienced a ransomware attack at 8:13 a.m. on November 12, 2023, initially detected by dispatchers observing computer system irregularities. Emergency services—including police, fire, and EMS communications—were swiftly transitioned to a regional dispatch center to maintain operational continuity, with no disruption to 911 response or public safety operations. The city’s IT department isolated all affected systems to contain the attack and preserve forensic evidence. Impacted divisions included Zoning, Engineering, Tax, Finance, Utilities, Human Resources, and Economic Development, necessitating the suspension of online payment processing for utility bills, permits, and taxes. Residents were instructed to make in-person payments with cash or checks at designated offices, with late penalties and utility disconnections suspended through November 30. Critical services like trash collection and leaf pickup continued uninterrupted.
City Council declared a State of Emergency during its November 13 meeting to grant the City Manager expanded authority for rapid response. Daily public updates at 2:00 p.m. detailed recovery progress, including the distribution of temporary access devices to departments by November 14 and the restoration of zoning, permitting, and code enforcement services by November 15. Online payment capabilities were partially restored on November 15 for general fees, though utility billing required additional time. The city engaged private cybersecurity firms to rebuild secure IT infrastructure and migrated financial operations to a cloud-based system by November 17. Concurrently, the FBI, Secret Service, and other law enforcement agencies assisted in forensic evidence collection, completed by November 16, for criminal investigation. No evidence indicated the attack specifically targeted Huber Heights, though officials noted similar incidents in other U.S. cities. Residents were assured they would be notified if personal data was compromised, with service restoration timelines initially estimated at one week but progressing ahead of schedule.