Cyber Incident Victim: City of Noblesville

The City of Noblesville, Indiana, experienced a cybersecurity incident involving an external system breach through hacking on October 22, 2024. The breach remained undetected until January 22, 2025, when the city discovered unauthorized access to its systems. The compromised data included names combined with other personal identifiers, though the specific types of additional information were not detailed in public notifications. A total of 1,841 individuals were affected by the breach, including one resident of Maine. The delayed discovery indicated a three-month period during which attacker activity persisted without detection. No evidence suggested prior breaches within the preceding twelve months. The city engaged legal counsel from McDonald Hopkins PLC to manage breach response protocols.

Noblesville initiated written notifications to affected individuals on February 18, 2025, outlining the nature of the incident and the categories of exposed information. The city offered twelve months of complimentary credit monitoring and identity theft protection services through IDX to mitigate potential harm to impacted persons. Documentation submitted to Maine’s Attorney General included a redacted copy of the notification letter, confirming adherence to state disclosure requirements. No additional technical details regarding attack vectors, containment measures, or system vulnerabilities were disclosed publicly. The breach’s operational consequences for municipal services or internal systems remained unspecified in regulatory filings. Legal representatives confirmed completion of consumer notifications within the mandated timeframe following the discovery date.