Cyber Incident Victim: Jersey City Municipal Utilities Authority

The Jersey City Municipal Utilities Authority experienced a ransomware attack on or around September 30, 2020, which disrupted access to critical operational data. The attack compromised systems containing water and sewer service documentation essential for daily operations, creating an emergency condition that threatened service continuity. Agency personnel lost access to vital information required for maintaining infrastructure and responding to service requests. The incident directly impacted the authority’s ability to manage utility services for Jersey City residents, though specific technical details about the ransomware variant or initial attack vector were not publicly disclosed. No evidence suggested customer payment systems or personal data were compromised, as reports focused exclusively on operational disruptions to water and sewer management systems.

In response, the authority engaged a law firm to investigate the incident’s scope and origins, as documented in an October 2020 resolution formally acknowledging the attack’s severity. The resolution confirmed the ransomware encrypted critical files, though restoration timelines and ransom payment details remained undisclosed. No public statements referenced communication with threat actors or data exfiltration claims. The investigation aimed to determine operational impacts and recovery requirements while assessing compliance obligations. Service interruptions were mitigated without explicit reports of prolonged water supply disruptions, though the emergency declaration indicated significant operational risk during the incident’s peak. The authority’s post-incident focus remained on restoring system access and securing infrastructure against future attacks.