Cyber Incident Victim: Cuyahoga Metropolitan Housing Authority
Date: Feb 2021
Location: United States of America
Summary
The Cuyahoga Metropolitan Housing Authority experienced a ransomware attack attributed to the Doppel Paymer group, resulting in the theft and subsequent publication of sensitive data on a dark web platform. The incident caused extensive operational disruptions, including an eight-day website outage and loss of computer access for a significant portion of its workforce during the attack's aftermath.
Description
On February 10, 2021, the Cuyahoga Metropolitan Housing Authority (CMHA) in Cleveland, Ohio, experienced a cyberattack attributed to the Doppel Paymer ransomware group. The attack disrupted the agency’s website and rendered computer systems inaccessible for many of its 700 employees, severely impairing operational capabilities. Initial disruptions lasted eight days, during which CMHA’s public-facing services and internal workflows faced significant interruptions. The attackers exfiltrated sensitive data prior to deploying ransomware, a tactic consistent with Doppel Paymer’s double-extortion strategy. On February 22, 2021, the group published the first batch of stolen documents on their Tor network leak site, confirming the theft of confidential information. CMHA acknowledged the incident through a spokesperson but did not disclose the specific types of data compromised or the ransom demands. The attack highlighted immediate operational impacts, including prolonged downtime and restricted employee access to critical systems.

The incident underscored the disruptive potential of ransomware attacks on public housing authorities, particularly given CMHA’s role in administering housing assistance programs. While CMHA did not detail containment or recovery measures publicly, the eight-day outage suggested extensive remediation efforts were required to restore systems. The publication of stolen data on Doppel Paymer’s leak site increased risks of secondary harms, such as identity theft or fraud targeting affected individuals. No further details regarding data restoration, forensic investigations, or coordination with law enforcement were disclosed in the available sources. The attack exemplified the growing trend of ransomware groups targeting municipal and public service entities to maximize leverage for extortion.
