Cyber Incident Victim: Modesto Police Department
Date:
Feb 2023
Location:
United States of America
Summary
A cyberattack targeting the Modesto Police Department potentially exposed personal information, including Social Security and driver's license numbers. The city offered credit monitoring to affected individuals and confirmed only a limited amount of data was accessed, with no ransom paid. The incident disrupted patrol vehicle laptops and IT systems but did not compromise public safety or 911 operations. Officials isolated the police network from the broader city infrastructure, containing the threat through preexisting preparedness measures and rapid IT response. The city collaborated with cybersecurity experts and law enforcement, though details remained restricted to preserve investigation integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 3, 2023, the Modesto Police Department detected suspicious activity on its digital network, later confirmed to be a ransomware attack. The incident compromised personal information, including Social Security numbers and driver’s license details, though city officials stated only a limited amount of data was accessed. The city’s investigation, conducted with unnamed cybersecurity experts and law enforcement agencies, determined the breach did not disrupt public services or emergency response capabilities, including 911 operations. Modesto disconnected the Police Department’s network from the broader city network to contain the threat, confirming the attack exclusively affected police systems. While officials refused to disclose the number of impacted individuals or whether they were city employees or members of the public, they announced plans to notify affected parties via U.S. mail and provide complimentary credit monitoring services starting the following week. City spokesman Andrew Gonzales emphasized Modesto did not pay a ransom but declined to specify the ransom amount or demands, citing the ongoing investigation’s integrity.
The city initially withheld public confirmation of the breach until February 8, 2023, five days after detection, following inquiries from *The Modesto Bee*. Anonymous sources familiar with the incident revealed to the newspaper that the ransomware disabled patrol vehicle laptops and other IT infrastructure within the Police Department. Officials attributed the delayed disclosure to investigative protocols but highlighted the effectiveness of their preparedness measures and rapid IT response in mitigating the attack’s duration and scope. Despite the operational impact on police technology, the city maintained that no public safety risks materialized. The full extent of data exposure and the attackers’ methods of network infiltration remained undisclosed, with Gonzales reiterating the need to limit details to preserve the investigation. Modesto’s containment strategy relied on network segmentation and external cybersecurity partnerships, though the identities of these collaborators were not revealed.