Cyber Incident Victim: City of Alton
Date: Mar 2021
Location: United States of America
Summary
The City of Alton experienced a data incident involving unauthorized access to its information networks, prompting immediate security measures. An anonymous employee alleged the event was a ransomware attack resulting in a $200,000 payment to threat actors for data deletion, though officials did not publicly confirm these details. Employees reportedly received internal communications advising them to verify payroll withholdings due to system disruptions, without explicit acknowledgment of compromised Social Security Numbers. The incident led to operational disruptions requiring temporary reliance on outdated records while networks remained inaccessible for approximately one week.
Description
On March 5, 2021, the City of Alton, Illinois, experienced a cybersecurity incident involving unauthorized access to its information networks. Mayor Brant Walker publicly confirmed the "data incident" on March 25, 2021, three weeks after its occurrence, stating the city had immediately implemented security measures to protect its systems. The city's official acknowledgment provided no specific details regarding the nature of the breach, compromised data types, or operational impacts. However, internal communications obtained by a self-identified city employee revealed broader consequences, including system outages that forced the municipality to rely on outdated records for payroll processing during a week-long disruption. Employees received instructions to verify paycheck withholdings due to these operational challenges, though official notifications omitted references to potential exposure of sensitive personal information.

Contrary to the city's limited public statements, an anonymous employee source claimed the incident constituted a ransomware attack in which threat actors demanded payment to delete stolen data. According to this account, the city paid $200,000 to secure deletion of the compromised information, though no official confirmation supported this assertion. The same source alleged employee Social Security Numbers were compromised without disclosure to affected personnel, creating internal concerns about transparency. In response to the city's withholding of details, DataBreaches.net filed a Freedom of Information Act request seeking documentation related to the incident's scope, response actions, and decision-making processes. The city's public communications remained restricted to confirming the incident's occurrence and asserting prompt containment measures, leaving unresolved questions about data exposure extent, threat actor identity, and financial transactions. Operational recovery efforts included temporary reliance on legacy systems during network remediation.
