Cyber Incident Victim: Village of Skokie
Date:
Dec 2023
Location:
United States of America
Summary
A cyberattack compromised Skokie's network, forcing a system-wide shutdown and prompting officials to instruct staff to withhold details from the public. An unauthorized actor accessed and exfiltrated files and data, though investigators could not confirm misuse of employee information. The village incurred over $42,000 in expenses for hardware and IT consultants, provided two years of credit monitoring to employees, and declined to disclose whether ransomware was involved or if a ransom was paid. External forensic experts assisted in securing the network and investigating the breach, which remained under ongoing review with limited public disclosure. Library staff and former employees whose data was processed through the network were notified weeks after the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 18, 2023, Skokie's IT Director Tomasz Tarasiuk instructed all village staff to shut down their computers immediately due to a "Village-wide network outage," later attributed to an unauthorized actor breaching municipal systems. The following day, Assistant Village Manager Nicholas Wyatt confirmed a cybersecurity incident had been discovered, revealing the village had engaged external experts to investigate its scope. By December 21, Wyatt formally notified employees the outage resulted from a cyberattack but stated investigators had not yet determined whether sensitive employee data was compromised. Village leadership directed staff to withhold details from the public, providing only a scripted statement about a generic network outage being resolved, warning that sharing incomplete information could have "serious, unintended consequences." Internal communications showed officials spent $42,000 in the subsequent month on emergency IT services, including $16,100 with Techno Consulting, $16,157 with Cititechs Inc., $6,000+ at Costco, $2,900 with Amazon Business Services, and $1,600 with Gregg Communications—though none were described as top-tier forensic firms in initial invoices.
On January 9, 2024, Wyatt disclosed that investigators confirmed an "unauthorized actor acquired certain files and data" from Skokie's network but found no evidence of misuse of employee personal information. The village provided two years of free credit monitoring to all employees as a precaution and later notified Skokie Public Library staff and former employees—whose financial data was processed through the compromised network—via letters sent the week of January 15. A village spokesperson denied paying any ransom but declined to confirm whether ransomware was involved, while redacted records indicated their insurer covered costs for London-based firm first CFC's forensic services post-disclosure. The attack disrupted municipal operations for weeks, with a staffer citing the ongoing "network outage" as preventing compliance with public records requests in January. Village officials maintained the investigation remained "ongoing" as of the article's publication, offering no timeline for resolution or details on data compromise scope, despite Illinois laws requiring prompt breach notifications to individuals and the attorney general for incidents affecting over 500 residents.