Cyber Incident Victim: Southold Town
Date: Nov 2025
Location: United States of America
Summary
Southold Town’s Laserfiche online records portal was taken offline by a cyberattack, leaving it unavailable for an extended period while police had to write reports by hand until most of the town’s computer systems were restored. The portal has since been brought back online, though users report persistent slowdowns that officials attribute to heavy traffic as many try to access the system. In response, the town’s network specialist said the portal has been isolated from internal networks to a much greater degree, making the setup considerably safer than before the breach. Federal and county agencies, including the FBI and the Department of Homeland Security, assisted with the investigation, and no suspect has been publicly identified.
Description
On November 26, 2025, the day before Thanksgiving, Southold Town experienced a cybersecurity attack that took its Laserfiche online records portal offline. The breach compelled the Southold Police Department to handwrite reports because nearly all of the town's computer systems were affected. Restoration efforts continued, and by December 9, 2025, most of the town's computer systems had been brought back online. During the incident, the Federal Bureau of Investigation, the Department of Homeland Security, and Suffolk County officials were engaged in the response. No suspect has been publicly identified in connection with the attack.

Nearly seven months later, on June 17, 2026, town officials announced at a Town Board work session that the Laserfiche portal had been restored and was again accessible to the public. Although the system was back online, users reported severe slowdowns when trying to access records. Town Board member Brian Mealy noted the slowdowns and said they were possibly caused by heavy traffic as many community members attempted to use the portal simultaneously. Network specialist Liam Chiello stated that he had not personally observed any issues but urged patience while the remaining kinks were resolved.

Chiello also described the cybersecurity improvements implemented since the attack, explaining that before the breach the Laserfiche system was not sufficiently isolated from the town's internal networks and computers. After the incident, the town rearchitected the environment to place Laserfiche in a much more isolated and secure configuration, which he characterized as a lot safer than the prior setup. These changes were part of the broader response effort that followed the November 2025 cyberattack.
