Cyber Incident Victim: St. George Fire Protection District
Date: Dec 2023
Location: United States of America
Summary
The St. George Fire Protection District sued a cybersecurity firm after hackers infiltrated its network using legitimate tools to remain undetected and prepare for a future ransomware attack. Law enforcement reported the breach and found that domain controllers had been compromised, plain‑text administrative credentials were stored in a note, the firewall was not logging activity and the network lacked segmentation. The district was forced to rebuild its servers, switches, domain controllers, firewalls and backup systems, and the firm billed it for remediation work and legal fees before seeking arbitration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 23, 2023, law enforcement notified the St. George Fire Protection District of a security breach and subsequently examined the district’s servers. Investigators discovered that the network’s domain controllers had been compromised, giving attackers the ability to pose as any user and access any part of the network. The attackers were using a “living off the land” technique, employing legitimate Windows tools already present in the environment to evade detection while moving laterally and escalating privileges. Law enforcement also noted that the same threat actors had previously compromised another unnamed East Baton Rouge municipal agency that also contracted General Informatics for cybersecurity services.

A five‑month review conducted by Louisiana Emergency Support Function 17 (ESF‑17) uncovered multiple deficiencies in the fire district’s infrastructure. Reviewers found a plain‑text note containing administrative credentials for various accounts and applications, a firewall that was not logging activity, and a lack of network segmentation that could otherwise have limited the spread of malware. They also determined that General Informatics had installed high‑speed internet service but then supplied network switches incapable of handling the increased bandwidth, and that the firm had never performed the required backups of the district’s servers. Following the incident, the fire district rebuilt its entire network, procuring new servers, switches, domain controllers, firewalls, and backup systems. General Informatics billed the district for the remediation work and for its own attorneys’ fees related to the incident.
On May 23, 2026, the St. George Fire Protection District filed a lawsuit against General Informatics, alleging that the firm’s failure to prevent the December 2023 breach left the district imminently vulnerable to a cyber‑attack and seeking damages for the resulting harm. The suit further claimed that General Informatics continued to use known compromised remote‑access credentials after being notified by law enforcement in November 2023, and that the attackers intended to lock the district out of its network pending a ransom payment. In response, General Informatics filed a motion on May 18, 2026 to compel arbitration of the dispute. The litigation remains pending, and the district has incurred costs associated with network reconstruction and legal proceedings.
