Cyber Incident Victim: Town of Houlton Police

Date: Oct 2019

Location: United States of America

Summary

The Houlton Police Department experienced a malware attack that encrypted part of its network, temporarily restricting file access. After restoring operations from backups, investigations revealed unauthorized network access over an extended period preceding the incident, though forensic analysis could not confirm data exfiltration. The department proactively notified individuals whose personal information might have been compromised and provided credit monitoring and identity restoration services. This marked the agency's second known malware incident, following a prior ransomware event where files were similarly encrypted and a ransom was paid to regain access.

Description

On October 16, 2019, the Town of Houlton Police Department in Maine discovered that a portion of their computer network had been locked by malware, preventing access to critical files. The malicious activity was traced back to October 15, with forensic investigations revealing unauthorized access to their systems occurring as early as January 25, 2019 – a nine-month window of potential compromise. The department immediately implemented restoration procedures using backup systems, successfully recovering operational capabilities without paying ransom demands. Two independent cybersecurity firms conducted investigations but could not conclusively determine whether attackers had accessed or exfiltrated any sensitive data during the intrusion period. As a precautionary measure, the department notified all individuals whose personal information was potentially exposed, offering affected parties credit monitoring services through Kroll, including identity restoration assistance, fraud consultation, and insurance coverage. The public disclosure of this incident occurred nearly five months later on March 17, 2020.

This malware attack represented the second major cybersecurity incident for the Houlton Police Department within five years. In April 2015, the agency fell victim to a similar ransomware attack that completely locked their files, forcing them to pay a ransom to restore access to their computer systems. The 2015 incident received public attention through media reports that highlighted the department's ransom payment decision. While the 2019 response demonstrated improved preparedness through successful backup restoration and proactive victim notification, the recurrence raised questions about systemic vulnerabilities. The department did not disclose the specific intrusion vector for the 2019 attack or whether phishing tactics similar to those commonly associated with such breaches were involved. No financial details regarding recovery costs, cybersecurity improvements, or fraud protection services were made public following either security incident.
