Cyber Incident Victim: U.S. Virgin Islands Government

On March 25, 2021, the U.S. Virgin Islands Government announced an investigation into a possible cyber breach affecting its Recorder of Deeds and Cadastral Divisions. Lt. Gov. Tregenza Roach disclosed that the incident disrupted service delivery, prompting immediate response efforts by government teams. Manual workarounds were implemented to maintain limited public services, though officials warned of processing delays for all requests to these divisions. The announcement did not specify the attack vector or identify responsible actors but confirmed operational impacts on two critical property-related divisions. This marked at least the fourth significant cyber incident targeting Virgin Islands government agencies within three years, following earlier attacks on the V.I. Port Authority, V.I. Water and Power Authority (WAPA), and V.I. Police Department.

The territory had experienced multiple cybersecurity incidents prior to the 2021 breach. The V.I. Port Authority suffered a network intrusion on January 29, 2021, leading to unauthorized access that required network lockdown, third-party cybersecurity investigation, and law enforcement involvement. In 2018, WAPA lost $2.17 million through email wire transfer fraud, with funds routed to Chinese and international accounts, resulting in protracted insurance litigation settled under confidential terms. The V.I. Police Department faced two separate ransomware attacks in April and June 2019 that compromised data systems, requiring ongoing restoration efforts documented in federal court proceedings related to consent decree compliance. These repeated incidents collectively disrupted property services, law enforcement operations, critical infrastructure management, and maritime transportation systems across the territory over a three-year period.