10 Notable Cyber Attacks on Government Agencies

While much of the media focus is on cyber attacks in the private sector, government is no stranger to cybercrime. According to Verizon’s 2021 Data Breach Investigations Report, the public sector experienced 3,236 of the attacks analyzed in the report, or 11%, not even taking into account nation-state attacks. Unfortunately, governments of every size in every country can become targets, and there’s no end in sight to public-sector attacks.

Given the push by many local, state, and federal governments to embrace digital transformation, cybersecurity has become increasingly important. Government agencies hoping to reap the benefits of digital transformation without exposing themselves to excessive risk must be willing to embed robust security into every aspect of their IT environment.

What follows are descriptions of 10 infamous cyber attacks that rattled government agencies and grabbed national headlines. They demonstrate the depth and severity of the threats against which an increasingly digitized public sector must constantly protect itself.

10 Major Cyber Attacks on Government Agencies

10. Canadian Revenue Agency

A successful credential stuffing attack against the Canadian Revenue Agency’s online portal initially impacted 5,500 personal accounts and online portals related to COVID-19 relief programs. The agency later raised the number of accounts exhibiting suspicious activity after the breach to 48,500.

  • Cyber attack type: Credential stuffing
  • Location: Canada
  • Cost: Not disclosed
  • People affected: 48,500 personal accounts

Attackers used credentials exposed in non-governmental data breaches and were able to gain access because users had reused the same login names and passwords.

9. Bernalillo County, New Mexico

In the aftermath of a ransomware attack in New Mexico, prisoners incarcerated in Bernalillo County found themselves confined to their cells. The ransomware attack had taken cameras at a local jail offline and deactivated the jail’s automated doors, forcing officers to use manual keys to confine the prisoners.

  • Cyber attack type: Ransomware
  • Location: New Mexico
  • Cost: Not disclosed
  • People affected: Not disclosed

In separate attacks following the one against the county’s prison system, Albuquerque’s public school system was forced to close for two days, and Bernalillo County’s computer systems went offline, leaving residents unable to file for mortgage loans.

8. Pottawatomie County, Kansas

To regain control of servers encrypted in an attack on September 17, 2021, Pottawatomie County officials agreed to pay a ransom of $71,606.25, which could be seen as a bargain considering the initial asking price attackers demanded—a cool $1 million to release control of the county’s data. The attack impacted the county’s driver’s license system and the tax department. It persisted for two weeks.

  • Cyber attack type: Ransomware
  • Location: Kansas
  • Cost: $71,606.25
  • People affected: 150 desktop and laptop computers

In the aftermath of the attack, the IT team deployed additional sensors on the county’s servers and continued their investigation to determine how the attackers breached their defenses.

7. Metropolitan Police Department, Washington, D.C.

An attack involving Babuk ransomware resulted in the theft of 250 gigabytes of police data, including police officer personnel files, arrest records, and intelligence memos. Screenshots shared by cybercriminals online included extensive personal data stolen from the department, as well as performance reviews and polygraph records.

  • Cyber attack type: Babuk ransomware
  • Location: Washington D.C.
  • Cost: Not disclosed
  • People affected: 22+ employees

When the attackers were denied a ransom payment of $4 million, they published 22 personnel files online, each more than 100 pages long. Then, when the police department allegedly offered to pay $100,000 to prevent the release of additional data, the attackers rejected the offer.

6. City of Burlington, Canada

A phishing scheme that tricked city staff into changing a vendor’s banking information resulted in a $503,000 transfer to an account controlled by cybercriminals.

  • Cyber attack type: Phishing
  • Location: Canada
  • Cost: $503,000
  • People affected: Not disclosed

In a press release, Mayor Marianne Meed noted that the documents used to defraud the city had a “level of sophistication not typically seen.”

Once the city detected the fraud, they notified their bank and local police department. They also deployed additional, unspecified internal controls to prevent a repeat of the incident.

5. The City of Chicago’s Department of Aviation

When an employee of the City of Chicago’s Department of Aviation received an email from Skyline Management, a provider of custodial services at Midway and O’Hare, nothing appeared out of the ordinary. The company was an established vendor that had earned over $250 billion by providing custodial services since 2008.

The employee followed the instructions in the email and changed the company’s bank account on file from US Bank to Wells Fargo Bank, and then initiated an electronic payment for $1,150,759.82 as requested.

When Skyline Management contacted the City of Chicago weeks later to complain about a missing payment, the department realized their error and contacted Wells Fargo to hold the funds. The city did not incur a loss as the funds were still in the account.

  • Cyber attack type: Phishing
  • Location: Illinois
  • Cost: Not disclosed
  • People affected: Not disclosed

An investigation determined that a hacked email account belonging to an employee of Skyline Management may have facilitated the attack.

The city’s finance department now requires its employees to call a vendor to confirm a bank account change by phone instead of relying exclusively on an email.

4. City of Riviera Beach, Florida

An attack in May 2019, which began when an employee in the police department opened an infected email, took the City of Riviera Beach’s main computer system offline, affecting every department. The city’s finance department was forced to manually issue payroll checks that would otherwise have been deposited electronically in employee accounts.

  • Cyber attack type: Phishing
  • Location: Florida
  • Cost: $600,000 ransom paid by insurance company; $941,000 for computer equipment
  • People affected: Not disclosed

To secure the safe return of stolen data taken during the ransomware attack, city council members approved the payment of a $600,000 ransom, payable in bitcoins by the city’s insurance company.

Additionally, the city agreed to spend almost $1 million to upgrade computer equipment, including the purchase of 310 new desktops and 90 laptop computers.

The city’s IT department also engaged consultants to add safeguards and redundancies to prevent future attacks.

3. City of Atlanta

In March of 2018, a cyber attack against the City of Atlanta crippled government services. It took nearly a third of the city’s software programs offline and infected 3,789 computers. The attack impacted critical police services and the city’s court system, including the loss of police dash-cam recordings related to active prosecutions.

  • Cyber attack type: SamSam ransomware
  • Location: Atlanta
  • Cost: $17 million
  • People affected: Undisclosed

The attackers demanded a ransom of $51,000 to release the government’s data, payable in bitcoins, which the city declined to pay. A confidential report estimates a $17 million cost to taxpayers.

On December 5, 2018, the Department of Justice indicted Iranian nationals for their role in the attack.

2. City of Baltimore

Threat actors successfully deployed RobbinHood ransomware against the City of Baltimore in 2019, which ended up costing the city $18.2 million. The attack compromised the city’s networks, took its email system offline, and adversely impacted its dispatch system.

  • Cyber attack type: RobbinHood ransomware
  • Location: Baltimore
  • Cost: $18.2 million
  • People affected: Undisclosed

The attackers demanded a payment of $76,000, which officials declined to pay, both on the advice of the Secret Service and the FBI and because the city’s leadership did not want to reward criminal behavior.

Ultimately, however, Baltimore experienced a loss that far exceeded the ransom request.

1. United Kingdom’s National Health Service

A 2017 ransomware attack involving the WannaCry variant, launched by North Korea, inflicted losses of £92 million (about $125 million) and resulted in the cancelation of 19,000 medical appointments in the week following the attack.

  • Cyber attack type: WannaCry ransomware
  • Location: United Kingdom
  • Cost: £92 million (about $125 million)
  • People affected: 19,000 patient appointments

The WannaCry attack infected 200,000 computers in 150 countries, including devices owned by the UK’s National Health Service, Spain’s Telefónica, and several financial institutions.

Harden Your Defenses to Stay Safe Against Unrelenting Attacks

Cyber attacks against the public sector exact a heavy toll, especially when they target smaller entities with limited budgets to prevent and recover from an attack.

As government entities further pursue and rely on digital transformation, cybercriminals will continue to probe for vulnerabilities and mount increasingly sophisticated attacks. Whether that’s in the form of ransomware, phishing, or some other form of attack, local, state, and federal governments must take a proactive approach to security to withstand the onslaught.

Arctic Wolf delivers customized security operations solutions, including round-the-clock, on-demand access to security experts with extensive experience helping government organizations strengthen their cybersecurity defenses.
