Cyber Incident Victim: Delaware County
Date:
Jun 2026
Location:
United States of America
Summary
Delaware County experienced a cyberattack that prompted the shutdown of its government systems after staff detected unauthorized activity, disrupting phones and networks across operations. The county launched an investigation with cybersecurity specialists and forensic counsel, confirming a sophisticated criminal intrusion that accessed its network. While most services have been restored, certain functions such as the library search system and parts of the Recorder of Deeds and Register of Wills offices remain limited, with paper records still available. Payroll and vendor payments continued, and no further unauthorized activity has been observed since containment. The county is working through its cyberinsurance and reviewing security policies as the probe continues.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 26, Delaware County staff detected unauthorized activity on the government network and immediately shut down systems, which disrupted phone and network services across county operations. The county executive director, Barbara O’Malley, later confirmed that the shutdown was in response to a sophisticated cybercriminal attack that allowed attackers to gain access to the county’s network, and she noted that an investigation was underway with the assistance of cybersecurity specialists and forensic counsel. Throughout the investigation the county has been working with its cyberinsurance provider and has not disclosed whether any ransom was paid, stating that details would be shared only after the investigation concludes. The county has emphasized that its priority is determining the scope of the breach, particularly whether any sensitive data was accessed, and it has pledged to issue any legally required notifications if such access is confirmed.

In the weeks following the initial shutdown, county teams have restored nearly all operations, successfully processing payroll for employees and making payments to vendors, while continuing to rely on paper‑based processes for certain services. As of the July 16 update, the library search system and some services in the Recorder of Deeds and Register of Wills offices remained unavailable, although online title searches—which had been inaccessible at the onset of the incident—had been restored. Paper records remained accessible to the public, and the Register of Wills and Recorder of Deeds offices were working to enter manually gathered information back into their computer systems. The county reported that no further unauthorized activity has been observed since containment on June 26, and it has implemented additional network security measures while reviewing existing policies and procedures for possible updates.
Public reaction has included requests for greater transparency about the potential exposure of personal information, the impact on election systems, and the financial cost to taxpayers, with residents and council members asking for a detailed forensic report, lessons learned, and a long‑term cybersecurity strategy. The Delaware County GOP has also commented on the situation via social media, calling for more openness and referencing a proposed ballot initiative to expand the county council. County officials have reiterated that they will share findings and any necessary notifications once the investigation is complete, and they have thanked department staff, external partners, and residents for their patience and continued service during the restoration effort.
