Washington D.C. Cyber Attacks

Infrastructure Affected

Public Safety

FBI hacking: Everything you need to know about the fake email cyberattack, District of Columbia

Breach Type – Phishing, Other

Euro News

  • "Fake emails attributed to the US Department of Homeland Security were sent on Saturday from a secure FBI computer server, the FBI confirmed."
  • “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,”
  • “This is an ongoing situation, and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue.”

DC Police Department, District of Columbia

Breach Type – Unknown, Ransomware


  • Babuk ransomware threat actors claim to have infected DC Police systems
  • Screenshots of alleged arrest records were posted on the Babuk site
  • No word as to whether or not there has, or will be, a ransom payment made

  • The most recently posted documents contain sensitive information about 22 officers, such as fingerprints, dates of birth, polygraph test results and residential, financial and marriage history
  • The hackers claim that they demanded $4 million in ransom and the department countered with $100,000, which they deemed unacceptable
  • Police Chief Robert Contee sent staffers a message confirming that the hackers had obtained personnel files with personally identifiable information. He wrote that the mechanism that allowed the unauthorized access had been blocked, and gave staffers information about credit monitoring options available to them

Maritime Transportation Security Act (MTSA) Regulated Facility

Breach Type – Phishing, Ransomware


  • United States Coast Guard facility was victim of ransomware hit
  • Unknowing employee clicked on fraudulent link sent by bad actor
  • Encrypted files and cargo transfer controls affected in cyberattack

Hackers Hit D.C. Police

Breach Type - Ransomware

Washington Post

  • Allegedly took place 8 days before Presidential Inauguration
  • Infected 70% of storage devices that record data from D.C. police surveillance cameras
  • Forced major citywide reinstallation efforts
  • Left police cameras unable to record for 3 days
  • City did not pay ransom
Bleeping Computer

  • Suspected hackers Mihai Alexandru Isvanca and Eveline Cismaru
  • Hacked surveillance cameras to access computer network
  • Hacked MPDC cameras and computers on January 9
  • Went undiscovered until Jan 12th
  • City did not pay ransom


Local Government

Security pros raise questions after breach of US federal court system, District of Columbia

Breach Type – Unknown, Data Breach

SC Magazine

  • “Serious eyebrows were raised this week when House Judiciary Chairman Jerry Nadler, D-N.Y., said at an oversight committee hearing that three unspecified foreign actors breached the federal judiciary’s document management system.”
  • “During yesterday’s hearing, Matthew Olsen, assistant attorney general of the Justice Department’s National Security Division, would not confirm which three nation-states were involved...”
  • “Karen Crowley, director of solutions marketing at Deep Instinct, said the attack on the U.S. federal court system has dispelled any doubts about the significance of a cyberattack against even the largest organizations.”

Pro-Russian cybercriminals briefly DDoS Congress.gov, District of Columbia

Breach Type – Hacking, DoS


  • “A pro-Russian cybercrime group attacked the Congress.gov web domain Thursday, resulting in temporary down time that “briefly affected public access,” the Library of Congress told CyberScoop Friday.”
  • “KillNet — a pro-Russian group that has launched a series of distributed denial-of-service attacks on targets around the world perceived as hostile to the Russian government — posted a video that included a 503 error page alongside an image of President Joe Biden.”
  • “A spokesperson for the Library of Congress, which administers the domain, told CyberScoop in an email that the site suffered a DDoS “network attack that briefly affected public access,” adding that the site was “intermittently affected” starting at about 9 p.m. Thursday and returned to normal operation just after 11 p.m.”
  • “The Library of Congress used existing measures to address the attack quickly, resulting in minimal down time,” the spokesperson said. “The Library’s network was not compromised and no data was lost as a result of the attack.”

Vendor Outage Impacts District of Columbia Paid Family Leave System and Virtual One-Stop

Breach Type – Unknown, Malware


  • “…the vendor that operates the District’s Paid Family Leave (PFL) Benefits Administration System and the Virtual One-Stop (VOS), is experiencing a service interruption impacting PFL system operations and does.dcnetworks.org.”
  • “The service interruption has resulted in PFL claimants being unable to file new claims, modify existing claims and has delayed scheduled benefit payments this week. The system outage is also preventing customers from conducting job searches or completing career assessments in the VOS system.”
  • “According to GSI, there was no data breach, and the personal information of users has not been compromised. More than 35 states have been affected.”

D.C. Unemployment Recipients are Being Targeted by Official-Looking Scam Emails, District of Columbia

Breach Type – Phishing, Data Breach


  • “Numerous recipients of unemployment benefits in D.C. have received suspicious emails from D.C. government accounts over the last two weeks, indicating a possible intrusion into city computers by scammers attempting to coax confidential information from people with information in official databases.”
  • “Each of the emails was sent from DC.gov accounts belonging to actual city workers, some of whom work for the Department of Employment Services — which handles unemployment benefits — and others who do not.”
  • “…another email was sent from the account of Shanta Suggs, who works at DOES as a compliance investigator. It asked the recipient to text a New York number for further information on how to collect an additional benefits payment. DCist/WAMU sent a text to the number, and received a response requesting copies of “supporting documentation such as front and back of your driver license along with your [Social Security number] or SSN card to process your claim.”
  • “The D.C. Office of the Chief Technology Officer investigated reports of compromised D.C. Government email accounts that were used to collect information from members of the public. The team locked the accounts and prevented further action from being taken,” said Parker. “D.C. Government is in the process of contacting members of the public who responded to these compromised accounts so that they can take action to protect themselves.”
  • “Parker added that the city has not been immune to the “continued nationwide trend of cyber criminals taking advantage of UI claimants,” and asked that anyone who receives a suspicious email report it. For her part, Silverman urges people never to share personal identifying information over email or text message.”

U.S. State Department reportedly hit by serious cyber-attack, District of Columbia

Breach Type – Hacking, Other


  • “The US Department of Defense’s (DoD) Cyber Command has notified Congress that the State Department was hit by a cyber-attack…”
  • “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time,” a State Department spokesperson told Heinrich.”
  • “…the attack, which supposedly happened a couple of weeks ago, hasn’t had any detrimental impact on the State Department’s ongoing evacuation mission in Afghanistan.”

U.S. Department of Commerce, District of Columbia

Breach Type – Hacking, Data Breach


  • Russian bad actors believed to have monitored US Treasury email
  • Commerce Department confirmed an attack occurred
  • SolarWinds updates were possible key to hacker's attempts

US Department of Veterans Affairs Office of Management, District of Columbia

Breach Type – Hacking, Other

Navy Times

  • Roughly 46,000 veterans had private information leaked following cyberattack
  • VA Office of Finance disabled payment system amid security concerns
  • Bad actors diverted payments away from beneficiaries

U.S. Health and Human Services Department, District of Columbia

Breach Type – Hacking, Other


  • Foreign bad actor believed to be behind coordinated cyberattack
  • Health and Human Services servers were hit with DDoS
  • Cyberattack failed to achieve its goal, HHS remained unaffected

U.S. Federal Depository Library Program Website, Washington DC

Breach Type – Hacking, Other: Website Defacement

CBS News

  • Federal website defaced with pro-Iranian message
  • Officials were unable to determine affiliation of bad actors
  • Senior government official dismissed attack as unimportant

D.C. Government

Breach Type - Phishing, Other

Washington Post

  • Treasury Department investigating phishing schemes in July
  • Hackers infiltrated communication with a construction vendor & impersonated vendor
  • A D.C. government department processed payments to fraudulent vendor through electronic wire transfer
  • $700,000 lost as a result of fraudulent transfer, currently no money has been recovered

Defense Department

Breach Type - Hacking, Data Breach


  • Defense Department experiences cyber breach of travel records
  • Hackers compromised personal information and credit card data of U.S. Military and civilian personnel
  • Breach potentially affected at least 30,000 workers
  • No classified information compromised

Capitol Hill

Breach Type - Ransomware

The Intercept

  • Hackers attempted to infiltrate congressional computers
  • Hackers used a series of email hacks through Yahoo and Gmail
  • House had parts of Wi-Fi and Ethernet on lockdown



CareFirst BlueCross BlueShield Community Health Plan, DC

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • 200,665 people affected by data breach likely carried out by foreign cyber criminals
  • Compromised information may include, but is not limited to, SSNs, medical information, and names
  • CareFirst has collaborated with the FBI and CrowdStrike to investigate and resolve the situation

World Health Organization (WHO), DC

Breach Type – Hacking, Data Breach


  • Bad actors released 25,000 emails and passwords following cyberattack
  • National Institutes of Health, World Health Organization, Gates Foundation among victims
  • World Health Organization accounted for nearly 3,000 of the leaked emails and passwords

National Capital Poison Center

Breach Type - Ransomware

Office of Attorney General

  • Ransomware infection hits DC's Poison center exclusively
  • NCPC notifies potentially affected patients as precaution
  • No personal information is believed to have been accessed/exposed

MedStar Health

Breach Type - Ransomware

CSO Online

  • Disabled network after ransomware virus infected multiple systems
  • Took down systems to isolate virus
  • No evidence that information has been compromised
  • Organization moved to backup systems and paper transactions
  • FBI leading investigation
The Washington Post

  • Hackers demand $19k in a 10-day deadline
  • Some patients turned away
  • Others treated without important computer records which resulted in improper treatment
  • MedStar had trouble determining diagnosis without speedy lab results



Hillicon Valley - Howard University Hit by Ransomware Attack, District of Columbia

Breach Type – Unknown, Ransomware

The Hill

  • “A major Washington, D.C., university was hit by a ransomware attack over Labor Day weekend, forcing the cancellation of classes on Tuesday”
  • “…it said there was no evidence of personal information being stolen.”
  • “Howard said that its information technology team detected unusual activity on the school’s network on Friday, prompting an investigation into the situation.”
  • “We are currently working with leading external forensic experts and law enforcement to fully investigate the incident and the impact.”