Cyber Incident Victim: Minneapolis Park and Recreation Board

On November 20, 2024, the Minneapolis Park and Recreation Board (MPRB) experienced a cyberattack targeting its technology systems early in the morning. An unidentified actor compromised the organization’s infrastructure, triggering a system-wide phone outage that persisted for weeks. The MPRB Information Technology Services (ITS) department immediately initiated containment measures to prevent further damage, though the full scope of compromised data remained under investigation. Officials confirmed the attack disrupted all inbound and outbound phone communications across departments but emphasized that program registration systems—critical for public recreation activities—remained unaffected. No specific details about the attack vector or perpetrator motivations were disclosed. The disruption forced the organization to rely on alternative communication channels while technicians worked to restore services.

The MPRB publicly acknowledged the incident on November 22, 2024, advising residents to use email ([email protected]) or its website for non-emergency inquiries while phone lines remained inoperable. Temporary contact numbers were issued for Customer Service (612-491-9099), Park Police (612-499-9323), and Forestry (612-491-9089) to mitigate operational interruptions. Emergency protocols directed the public to call 911 for police-related matters instead of attempting to reach Park Police through compromised channels. Internal efforts focused on forensic analysis to identify potentially accessed or exfiltrated data, though no evidence suggested broader system compromises beyond the phone infrastructure. Restoration timelines for full phone functionality were not established, leaving the organization dependent on interim solutions indefinitely. The board characterized the incident as part of a growing trend of cyberattacks affecting both public and private entities.