Cyber Incident Victim: City of Henderson
Date:
Jun 2015
Location:
United States of America
Summary
A hacker infiltrated a municipal web server, maintaining unauthorized access for nine days before detection. The intrusion exposed raw versions of publicly accessible data related to detention center inmates, volunteer registrations, and an internal legislative bill-tracking system, though no sensitive or personal information was compromised. The city engaged federal authorities and initiated a law enforcement investigation while contracting a specialized firm for $40,000 to assess breach containment and confirm no lateral movement into internal networks. System administrators disabled the affected server upon discovery, mandated password resets for all employees, and kept inmate lookup services offline for over six weeks pending external security validation. The incident prompted internal reviews to strengthen system defenses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A hacker breached a City of Henderson web server in June 2015, maintaining unauthorized access for nine days before detection on June 29. The intrusion was discovered when a system administrator noticed anomalies in a monitoring tool tracking anonymous activity, prompting immediate server deactivation. City officials confirmed the compromised server contained raw versions of publicly accessible data, including detention center inmate records, volunteer registration details, and Legitrack—an internal legislative bill-tracking system. No personal information or sensitive internal network data was accessed according to forensic analysis. The city initiated a law enforcement investigation involving unspecified federal authorities, widely presumed to be the FBI based on standard protocols for computer intrusion cases. All municipal employees were instructed to reset passwords as a precautionary measure following the breach discovery.
The city engaged an external incident response firm under a $40,000 contract within days of detection to conduct a comprehensive security assessment, though the contractor's identity remained undisclosed due to nondisclosure agreements. Forensic investigators confirmed the attacker hadn't penetrated beyond the initial server, which hosted only publicly searchable information. As a consequence of the breach, the inmate information portal remained offline for over six weeks pending external security validation, displaying only a generic maintenance message without referencing the intrusion. Henderson Chief Information Officer Laura Fucci characterized the nine-day detection timeframe as relatively short compared to industry averages, citing Mandian research indicating a 205-day median detection period. The incident marked the first known intrusion of this severity since Fucci joined the city government in late 2012. No public disclosure occurred until media inquiries prompted official comments, with no evidence suggesting data manipulation or exfiltration beyond viewing publicly available datasets in their raw format.