Cyber Incident Victim: State of Alabama
Date:
May 2025
Location:
United States of America
Summary
The Alabama state government experienced a cybersecurity incident involving abnormal network activity detected recently, causing temporary disruptions to websites, email, and phone services for state network users. While some state employee usernames and passwords were compromised, resident personal data remained unaffected. State technology teams are actively working around-the-clock to mitigate impacts, establish a recovery timetable, and ensure continuity of essential services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Alabama Office of Information Technology detected abnormal activity on the state network during the week preceding May 9, 2025, specifically identifying a cybersecurity "event" on the prior Friday. Upon discovery, state technology teams initiated an immediate response, working continuously around the clock to investigate the incident and implement mitigation measures. By Monday, May 9, 2025, the Office publicly acknowledged the event, issuing a notice warning users of the state network about potential disruptions. These disruptions impacted access to various state-operated websites, email systems, and phone services, causing temporary interruptions for users relying on these platforms. The investigation confirmed that some state employee usernames and passwords were compromised during the incident. However, the notice explicitly stated that the personal data belonging to Alabama residents remained secure and was not accessed or compromised. The state's response prioritized minimizing the impact on essential public services while the technical teams worked diligently to understand the full scope.
Governor's Communications Director Gina Maiola signed the public notice, emphasizing that state teams were actively focused on establishing a clear timetable for full restoration of services and ensuring continuity for critical government functions. While specific details regarding the nature of the attack vector or the identity of the perpetrators were not disclosed, the state confirmed the event was disruptive and required significant resources to manage. The incident occurred against a backdrop where cyberattacks targeting state and local governments were reportedly declining in frequency, though the financial burden of recovery from such incidents, particularly ransomware, had risen substantially according to industry reports referenced in the announcement. The Alabama Office of Information Technology maintained its focus on containing the incident, mitigating ongoing impacts, and restoring normal operations across the state network infrastructure.