Cyber Incident Victim: City of Carmel

The City of Carmel, Indiana, experienced a disruptive cybersecurity incident on September 18, 2020, when unauthorized actors compromised its official municipal website, carmel.in.gov. The city’s information technology department identified the breach shortly after 8:00 a.m. local time that Friday, prompting immediate action to mitigate the intrusion. Upon discovery, officials took the website offline to contain the threat and prevent further unauthorized access. City spokesman Dan McFeely publicly confirmed the hacking incident and the deliberate takedown, emphasizing the priority of securing the system before restoration. The website remained inaccessible throughout Friday afternoon as technical teams worked to assess the scope and origin of the breach. No additional city systems or online services were reported as compromised during this initial phase, though the primary website served as a critical portal for resident communications and municipal information.

Municipal operations shifted to alternative communication channels while the investigation continued, though the specific methods used by the attackers and the exact nature of the compromise were not disclosed publicly. The city’s response focused on forensic analysis to determine how the breach occurred and whether any data was accessed or exfiltrated. McFeely reiterated the goal of restoring website functionality as soon as possible but provided no estimated timeline for resolution. The incident disrupted public access to city updates, online forms, and other digital services typically hosted on the platform. No ransomware demands or explicit attacker motives were cited in initial reports, and the city did not disclose whether law enforcement agencies were involved in the investigation. Restoration efforts remained ongoing at the time of the last public update on September 18.