Cyber Incident Victim: Metropolitan Police Department of the District of Columbia
Date: Jan 2017
Location: United States of America
Summary
A ransomware attack compromised the Metropolitan Police Department's surveillance camera network, infecting 70 percent of storage devices responsible for recording footage. The incident rendered cameras unable to record for several days during a high-profile public event period, disrupting citywide monitoring capabilities. The cyber intrusion specifically targeted network video recorders within a closed-circuit TV system covering public spaces, necessitating extensive reinstallation efforts across the affected infrastructure. Officials confirmed the attack impacted a majority of the department's recording systems but did not specify whether operational camera feeds were interrupted beyond the loss of recording functions.
Description
The ransomware attack targeting the Metropolitan Police Department of the District of Columbia's surveillance camera network occurred on or around January 12, 2017, eight days prior to President Donald Trump's inauguration. Hackers compromised 123 out of 187 network video recorders (70% of the system's storage devices) responsible for archiving footage from public-space CCTV cameras across Washington D.C. This infection rendered the affected cameras unable to record between January 12 and January 15, creating a four-day gap in video surveillance capabilities during a period of heightened security preparations. The attack specifically impacted a closed-circuit television system monitoring public areas, though the exact locations of disabled cameras were not disclosed. City technology officials confirmed the intrusion involved ransomware, though they did not specify whether data was encrypted, stolen, or whether ransom demands were made.

D.C. officials publicly disclosed the breach on January 27, 2017, announcing a citywide effort to reinstall storage devices across the compromised network. The remediation required significant operational resources, as the ransomware infection necessitated large-scale reconfiguration rather than isolated repairs. While the cameras themselves remained operational for live monitoring during the attack, the loss of recording functionality impaired evidentiary collection and retrospective investigative capabilities. No additional details regarding the attack vector, perpetrator identity, or specific ransom demands were released by authorities. The incident highlighted vulnerabilities in critical infrastructure systems during a major national security event, though officials did not report any direct link between the timing and inauguration-related threats.
