Cyber Incident Victim: Albemarle County
Date:
Jun 2025
Location:
United States of America
Summary
Albemarle County experienced a cyber security incident that disrupted its internet and led to an intentional shutdown by IT officials. The county said the breach had been ongoing for several days and that it was working with cybersecurity experts, state agencies, and federal law enforcement to investigate. Officials have not released details on possible data exposure, citing the active investigation. A University of Virginia professor observed that attacks on local governments usually seek financial gain or data, often involving reconnaissance and possible ransom demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday, June 12, Albemarle County issued an alert that its internet service was down, and shortly thereafter officials acknowledged that a cyber security incident had been underway since earlier in the week. The county confirmed that the disruption to its internet was not accidental but had been deliberately ordered by its cybersecurity and IT personnel as part of the response to the ongoing threat. Because the incident remained active, authorities declined to disclose whether any taxpayer or other sensitive data had been exposed or compromised.
In order to address the situation, Albemarle County said it was collaborating with external cybersecurity specialists and coordinating with state and federal law enforcement agencies to investigate the breach and restore normal operations as quickly as possible. The county’s spokesperson emphasized that the priority was to contain the incident and prevent further impact while the investigation proceeded. No additional details about the specific systems affected or the nature of the attacker’s actions were made public at that time.
Jack Davidson, a professor of computer science at the University of Virginia and a cybersecurity expert, commented that attacks on local governments often follow a recognizable pattern, with investigators typically working to determine how the intrusion occurred and whether it matches the tactics of known threat groups. He noted that the actors behind such incidents are usually motivated by financial gain or the acquisition of data, potentially seeking to ransom stolen information. Davidson also observed that, despite overall declining trends in cyber‑attacks, such intrusions remain relatively easy to carry out and occur frequently, often preceded by reconnaissance efforts that make the malicious activity appear legitimate.
The article detailing the incident was published on June 12, 2025, by the local news outlet WVIR.