Public Safety

Quincy: Hackers broke into city servers, demanded money in exchange for data, Norfolk County

Breach Type – Phishing, Data Breach

Patriot Ledger
February 8th, 2022

“The city is working to restore access to some of its servers after Quincy's online network was hacked in a targeted cyberattack last Thursday.”
“Chris Walker, chief of staff to Mayor Thomas Koch, said the Quincy Police Department’s server and network "showed signs of disruption" Thursday morning, which alerted the city's IT department to something amiss.”
“Employees in that department then found text files on the servers demanding money in exchange for the return of data.”
”The city did not respond to the hacker and instead reached out to cybersecurity contractors to track down the source of the attack, identify corrupted data and scan every computer attached to the city’s network for any signs of whether hackers still had access. Walker said they do not yet know who is responsible.”
“Of the 60 servers the city maintains, he said 32 were deemed safe and back up and running Monday. He said the city prioritized servers belonging to "critical" departments such as the school system and fire and police departments, as well as the city's financial software. Some systems, including the city's shared file drive, were still down Monday evening.”

New Bedford Police Department victim of Ransomware Attack, Bristol County

Breach Type – Unknown, Ransomware

ABC 6 News
January 27th, 2022

“The New Bedford police have shared details of a ransomware attack they were the subject of Thursday morning.”
“The attack was limited to a few individual work stations and servers used by the department, but no other City departments were effected.”
“The 911 emergency response system did not lose service from the attack and no users were effected.”
“At this time, it is believed that no data was accessed or stolen through the attack, and a cybersecurity response plan has begun. Federal law enforcement agencies have also been notified.”
“There was never a ransom demand sent to, or received by the police department.”

Cyberattack Strikes Brockton PD, Shuts Down Computer Systems, Plymouth County

Breach Type – Unknown, Malware

ABC6 Local News
July 21st, 2021

“The city of Brockton announced Wednesday that its police department has fallen victim to a cyberattack.”
”Former Boston police chief and cyber security expert, Dan Linskey, says the attack won’t halt work at the department but may slow it down. “I’m sure they can call over to the local town around them or the Regional Dispatch Center,” Linskey said.”
“Linskey says police departments usually have their data backed-up every 12 hours, so anything lost should be restored quickly.”
”Out of caution, the Brockton Fire Department has also shut off its computer systems to avoid being infected."

City of Lawrence PD, Fire Department, and City Hall, Essex County

Breach Type – Unknown, Ransomware

The Eagle Tribune
April 3rd, 2021

Municipal functions went down the morning of April 3rd due to suspected malicious activity
Schools and emergency response functions were unaffected
Law enforcement was notified and investigation is ongoing

Boston 25 News
April 8th, 2021

The City of Lawrence is arranging payment in the wake of a ransomware attack
Police and Fire Department computers were also infected
The city is working with the FBI to resolve the situation

Boston Regional Intelligence Center, Suffolk County

Breach Type – Hacking, Data Breach

The Hacker News
June 22nd, 2020

Recent blue lakes dump includes police and FBI reports, bulletin guides and more giving insight into law enforcement not commonly inaccessible by public
The data contains over millions of files including images, documents, videos, web pages, text files, emails, auto files and more
Investigations are looking into how many files are classified and not supposed to be public

Douglas Police Department & Massachusetts Communities, Worcester County

Breach Type – Unknown, Ransomware

NBC Boston
February 14th, 2020

Recently released records showed numerous communities negotiated ransoms
Majority of cases were resolved through backup recovery
Ransoms of $300 to $11,000 were paid to bad actors

Southwick Police Department Website, Hampden County

Breach Type - Hacking, Malware

Gov Tech
March 9th, 2020

Police Chief Kevin Bishop had to publicly announce that his department's website had been taken down due to malware
This malware managed to redirect any site visitors to a separate website
Despite the ongoing battle it was decided to remove the site and to start from the bottom up making a new website with better features

Athol Police Department Worcester County

Breach Type – Hacking, Ransomware

Gov Tech
September 23rd, 2019

Local governments and school districts hit in ransomware cyberattack
Attack paralyzed police department's computer network, officers forced to rely on neighboring departments
Multiple communities within the state had been among countless other victims throughout the country

City of New Bedford Fire Department & Government Systems, Bristol County

Breach Type - Unknown, Malware

Providence Journal
July 9th, 2019

Some City Hall computers down for 5 days after malware infection
City employees performing tasks manually for services that are down
IT and outside consultants investigating malware type and scope of impact

South Coast Today
July 11th, 2019

Some City Hall computers down for over a week after malware infection
District Chief confirmed that the Fire Department is also working without computers
Mayor’s Spokesperson stated that emergency dispatch was operating normally

Town of Tisbury, Town of Tisbury Police Department Dukes County

Breach Type - Phishing, Malware

Vineyard Gazette
September 22nd, 2018

Employee opened malicious phishing email, convinced the was sent by a regular town vendor
The email launched malware which crippled Tisbury email and internet services
Affected departments include the library, the council on aging, and the police department
Computer access was disabled for at least 24 hours & the town will implement cyber monitoring for the time being

Dighton PD Locked Out of Computer Systems

Breach Type - Ransomware

Turn to 10
December 21st, 2016

Ransom more than $4,600
Hackers from Russia, threaten to wipe entire computer system
Dighton pays ransom
Chief of Police paid out of pocket, Dighton Town reimburses later

Hit on Melrose PD

Breach Type - Ransomware

Wicked Local
February 29th, 2016

Email transfers virus to detective
Most data backed up, except vital data on detective’s laptop
PD pays ransom in bitcoin to recover data
Payment of $489 made to hackers

Tewksberry PD Pays Ransom

Breach Type - Ransomware

News BTC
April 27th, 2015

Read More

Local Government

Phishing Attack Costs Tewksbury, Middlesex County

Breach Type – Phishing, Other

Home News Here
March 5th, 2022

"The Town of Tewks¬bury revealed that it had been compromised by an email phishing attack which resulted in the transfer of $102,000 to an account unintentionally."
"As reported in the re¬lease, a town employee re¬ceived an email from a familiar vendor requesting payment via wire transfer, also known as ACH (automated clearing house) or EFT (electronic funds transfer)...Payment was made to a Wells Fargo account which apparently had been spoofed to appear legitimate."
"The town learned it was the victim of an attack when the real Wells Far¬go contacted the town to report a late payment. The town immediately initiated an investigation, notified the vendor of the scam, contacted the Tewksbury Police De¬partment, and notified the FBI of the fraud."

Quincy city pension investment manager lost $3.5 million in an email phishing scam, Norfolk County

Breach Type – Phishing, Other

Patriot Ledger
February 11th, 2022

“More than $3 million is missing from the city's pension fund after an investment manager fell victim to an email phishing scheme, state officials said. The money has not been recovered.”
“The Quincy Retirement Board is under investigation by the Public Employee Retirement Administration Commission after one of its investment managers received an email from a former employee's board email account, which had been hacked. The email included instructions for a $3.5 million wire transfer, which the manager made in February 2021.”
“John Parsons, executive director of the commission, said he believes the transaction was "the result of human error and a breakdown of security controls."
“The memo advised retirement boards to review and confirm security processes, review IT user access authorizations and "ensure there is diligent scrutiny by vendors and the board of all periodic bank and investment statements."
“The Quincy Retirement Board manages the city's pension fund, which contains hundreds of millions of dollars. The board is made up of five people: one city representative, two members elected by Quincy retirees and two appointed by the other three members. There are four staff members.”

Springfield city employees payroll provider reports ransomware attack, Hampden County

Breach Type – Hacking, Ransomware

WWLP 22 News
December 13th, 2021

"The City of Springfield employees are being notified after a ransomware attack was reported for the timekeeping company they use"
"the timekeeping company Ultimate Kronos Group (UKG) and their Kronos Private Cloud was recently hit by a nationwide ransomware attack.”
“The company became aware of the unusual activity on Saturday and took immediate action where it was determined to be a ransomware incident affecting Kronos customers across the world.”
“The City of Springfield uses Kronos and is taking appropriate actions to reduce the impact, including potential disruptions with the recording of city employee schedules/hours for payroll purposes."

Deerfield offering credit monitoring after data breach potentially exposed residents info, Franklin County

Breach Type –Unknown, Data Breach

Greenfield Recorder
September 2nd, 2021

"An unauthorized third party viewed or acquired the personal information of several residents in a March 25 data breach."
"…could not share what specific personal information was viewed or taken because it varied for each resident."
“All we know is it was possible an unauthorized third party may have reviewed or acquired personal information.”
“…there has been no evidence that people’s personal information has been “specifically misused as a result of this incident.”
“Residents whose data was breached are offered “free credit monitoring and identify theft protection services."

Boston Public Library discloses cyberattack, system-wide technical outage, Suffolk County

Breach Type – Unknown, Malware

Bleeping Computer
August 27th, 2021

"The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage."
"On Wednesday morning, 8/25, the Boston Public Library experienced a systemwide technical outage due to a cybersecurity attack, pausing public computer and public printing services, as well as some online resources,"
"Affected systems were taken offline immediately, and proactive steps were taken to isolate the problem and shutdown network communication."
"An ongoing investigation in collaboration with law enforcement and the Mayor's IT experts has not yet found any evidence of employee or patron data stolen from the impacted systems"

Massachusetts Registry of Motor Vehicles, State of Massachusetts

Breach Type – Unknown, Malware

WCVB
April 6th, 2021

Vendor Applus experiencing ongoing issues following a malware attack
Grace period has been allowed for some motor vehicle inspections in light of this vendor attack
Police statewide are aware that compliance with safety and emissions inspections has not been posible since March

Town of Winthrop and Winthrop Public Schools servers, Suffolk County

Breach Type – Unknown, DDoS

John Guilfoil Public Relations
February 5th, 2021

Students and teachers prevented from using internet-based resources following cyberattack
School IT personnel and ISP worked to restore services
Local, state, and federal law enforcement assisted in investigation

City of Methuen computer systems, Essex County

Breach Type – Phishing, Ransomware

Gov Tech
September 24th, 2020

Hackers were attempting to gain entry into the city's computer system to gain access to taxpayer and employee information
Bad Actors were nearly successful in accessing the sensitive information but actions were taken to stop the attempts
There was an email sent out to an unsuspecting employee of the city which the employee opened linking to ransomware

City of Franklin, Norfolk County

Breach Type – Phishing, Other

Security Info Watch
October 12th, 2020

Over $500,000 were misdirected in recent cyber attack hack
There is no evidence that systems have been breached or any sensitive information exposed
Employees were mislead in recent spear phishing attack leading funds to be misdirected

Town of Charlton, Worcester County

Breach Type – Unknown, Ransomware

APR
September 3rd, 2019

Town government computer network attacked with ransomware
Attack froze documents, emails, and servers
Employees were unable to send or receive emails, emergency services unaffected

City of Lynn Online Parking Ticket Payment System, Essex County

Breach Type - Ransomware

WZLX
May 7th, 2019

Previously a virus had rendered Lynn School’s internet systems offline, now the City’s parking ticket payment system has fallen prey
City being forced to resort to paper records for payments over several weeks due to attack that originated in India
The FBI has been contacted, it seems that no sensitive information had been taken and that computers have remained safe

Committee for Public Counsel Services, Suffolk County

Breach Type - Phishing, Ransomware

Boston Globe
March 12th, 2018

CPCS attacked by ransomware, e-mail systems and attorney payments disabled, hearings delayed
Agency refused to pay ransom, opted to restore system from backup files
Ransomware program known as Ryuk appeared to originate in Russia
Agency believes ransomware was installed using trojan virus programs via link, file, or e-mail
IT team confident in restoration of data once trojan viruses were eliminated

CrowdFundInsider
March 15th, 2018

Massachusetts Committee for Public Counsel Services victim of Ryuk ransomware
Organization had external backups of affected files, believed virus did not extract data
Infected link in phishing e-mail determined to be likely culprit

City of Quincy, Norfolk County

Breach Type - Phishing, Malware

The Patriot Ledger
November 28th, 2018

Hackers compromise official City of Quincy email accounts via phishing scheme
Malicious emails contained Emotet or Trickbot malwares which quickly infected all city departments
The compromised accounts were used to spread viruses to those in contact with city officials

Town of Marblehead, Essex County

Breach Type - Phishing, Ransomware

Marblehead WickedLocal
September 5th, 2018

Town Finance Director sought cyber assessment after malware attacks
Ransomware struck Town via phishing email
IT restored files & systems

Massachusetts Clean Energy Center, Suffolk County

Breach Type - Phishing

Boston Herald
June 12th, 2018

Cyber scammer steals $93,679 in public funds through phishing scheme
Recovered a fraction of the funds stolen, but scheme was unreported for 8 months
The Massachusetts Clean Energy Center did not consider cyber threats in its risk assessment

Cambridge Housing Authority, City of Cambridge

Breach Type - Phishing

Cambridge Day
April 3rd, 2018

Authority loses $7,000 to BEC scam
Phishing attack causes loss, but housing authority isn't alone in fight against cybercrime
City uses a protective program to help lessen the load of phishing schemes coming through each day

Holyoke City

Breach Type - Phishing

Massachusetts Live
February 12th, 2018

City treasurer falls victim to Business Email Compromise (BEC) scam
Scammed out of roughly $10,000
Treasurer realized cyber attack and contacted Holyoke Police Department
Treasurer has cooperated with investigation

Websites: Town of Westford, City of Framingham, Town of Andover, Belmont

Breach Type - Cryptojack/Other

WCCF Tech
February 12th, 2018

Over 4,200 victims hijacked to mine Monero cryptocurrency
Secretly hijacked using compromised plug-in called "Browsealoud"
Though sites were affected for hours, no user data was affected/compromised

Brookline Town

Breach Type - Hack

Boston Herald
December 6th, 2017

Business Email Compromise scam almost empties Brookline's funds from treasury
Town treasurer recognized the scam and reported to the town's IT department

Wicked Local
December 7th, 2017

Brookline police detectives investigating case
Town has taken several preventative measures to ensure future cyber safety

Medfield Norfolk County

Breach Type - Ransomware

Boston.com
February 2nd, 2016

Paid $300 to hackers to unlock town computer systems
Town made attempts to restore files, virus infected backup server
Some sensitive files were not compromised, due to not being held on the town serve
Paid ransom as most expedient way to resolve
IT dept. taking steps to better their cyber security

Medical

10K patients affected in Massachusetts health center ransomware attack, Suffolk County

Breach Type – Unknown, Ransomware

Becker Hospital Review
March 13th, 2023

"Boston-based Codman Square Health Center's systems were encrypted by ransomware, causing the protected health information of 10,161 patients to be compromised, including names, addresses, dates of birth, medical record numbers, diagnoses, other treatment information, and claims information."
"On Nov. 28, the center learned that its systems were encrypted by ransomware and began investigating the incident."
”Since the incident, Codman Square Health Center said it implemented additional safeguards, and reviewed its policies and procedures relating to data privacy and security.”

Zoll Medical Data Breach Impacts 1 Million Individuals, Middlesex County

Breach Type – Unknown, Data Breach

Security Week
March 13th, 2023

"Medical technology developer Zoll Medical is notifying roughly one million individuals that their personal information might have been compromised in a recent data breach."
"Zoll develops and markets medical equipment and software for advanced emergency care, including cardiac monitoring, oxygen therapy, ventilation, data management, and more."
”The data breach, the company says, was identified at the end of January, when it discovered unusual activity on its internal network.”
”Zoll says it has no indication that the exposed information was misused. However, it is not uncommon for cybercriminals to share or trade stolen personal information on underground forums, and then use it in attacks such as phishing, identity theft, and the like."
”The company informed the Maine Attorney General’s office that just over one million individuals were impacted by the breach, all of whom have been offered free identity protection services.

Aveanna Healthcare To Pay $425,000 Following Phishing Attacks in 2019 That Impacted Thousands of Massachusetts Residents, Suffolk County

Breach Type – Phishing, Data Breach

DataBreaches.net
November 3rd, 2022

“A Georgia-based home health and hospice care company will pay $425,000 after it failed to implement proper security measures to protect the personal information of patients and employees, Attorney General Maura Healey announced today. The complaint and consent judgment against Aveanna Healthcare, LLC, entered today in Suffolk Superior Court, follows a series of phishing attacks that impacted more than 4,000 Massachusetts residents. Aveanna is a national provider of pediatric and adult home health care, operating in 33 states with Massachusetts offices located in Brockton, Plymouth, Shrewsbury, Springfield, Waltham, West Springfield, and Worcester. The AG’s Office alleges that in July 2019, Aveanna employees began receiving fraudulent “phishing” emails designed to cause the recipient to provide credentials, money, or sensitive information.”
"Companies have an obligation to put the right security measures and systems in place to prevent hackers from accessing sensitive information,” said AG Healey. “As a result of this resolution, Aveanna will ensure compliance with our strong data security laws and the take steps necessary to protect its employees and the private data of Massachusetts residents moving forward.” The private information, which may have included social security numbers, driver’s license numbers, financial account numbers, and health information such as diagnoses, medications, and treatment records, of more than 4,000 Massachusetts residents, including patients and employees, was potentially accessed by the hackers.”
”In one instance, a phishing email was sent to employees that appeared to come from Aveanna’s president. The attacks continued into August 2019, by which point more than 600 phishing emails were sent to employees. Employees’ responses to these emails resulted in hackers obtaining access to portions of Aveanna’s computer network. The hackers also tried to defraud employees by logging into Aveanna’s human resources system and altering individual employees’ direct deposit information. In response to the incident, Aveanna provided affected Massachusetts residents with two years of free credit monitoring."

PlatformQ Exposes Personal Info of Nearly 100,000 US Healthcare Workers, Norfolk County

Breach Type – Unknown, Data Breach

VPNOverview.com
August 9th, 2022

“The security research team at VPNOverview has uncovered a data breach that could have compromised nearly 100,000 doctors, nurses, and other healthcare professionals working at major hospitals across the United States."
“PlatformQ ... inadvertently published a database backup stored in a misconfigured AWS S3 bucket. Based on the findings, our security team believes the leak was marketing data for the generic drug Zarex."
"Though 255 different hospitals were affected,..."

Hackers breached UMass Memorial's emails for 5+ months, affecting 3,000+ patients, Worcester County

Breach Type – Hacking, Data Breach

Becker Hospital Review
October 18th, 2021

"UMass Memorial Health began notifying 3,099 patients that hackers breached employee email accounts"
"The health systems launched an investigation to determine the scope of the breach. The investigation determined the hackers accessed the accounts between June 24, 2020, and Jan. 7, 2021. The investigation was unable to determine if the hacker viewed any emails or attachments in the accounts."
"the health system identified which patients have been exposed and what information was contained in the email accounts. Information includes names, Social Security numbers, medical-related information and other data."

Massachusetts Hospital Pays Ransom to Restore Stolen Patient Data

Breach Type – Hacking, Ransowmare

Becker's Hospital Review
June 1st, 2021

Sturdy Memorial Hospital began notifying patients May 28 that some of their protected health information had been stolen by hackers, prompting the Attleboro, Mass.-based hospital to pay a ransom to stop the data from being redistributed
In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed," the hospital said
Sturdy Memorial Hospital discovered that an unauthorized party gained access to some of its IT systems Feb. 9; while the hospital secured its network and paid the ransom later that day, it discovered in April that certain PHI belonging to patients was contained in the files exposed by hackers. The information involved in the breach included patient names, Social Security numbers, financial account numbers, routing numbers and/or bank names, credit card numbers, prescription data and health insurance details

Lawrence General Hospital, Essex County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
November 9th, 2020

Healthcare facility was victim of cyberattack
Officials notified law enforcement
Bad actors likely accessed patient information

UMass Memorial Medical Center, Worcester County

Breach Type – Unknown, Data Breach

Telegram
September 14th, 2020

Healthcare center had donor and fundraising data leaked following cyberattack
Bad actors breached Blackbaud, a company that provided cloud-based services
Officials confirmed that leaked information was limited to donor and fundraising database

Behavioral Health Network, Hampden County

Breach Type – Unknown, Malware

Becker's Hospital Review
August 17th, 2020

Over 100,000 patients were notified of a cyber attack that may have left them exposed
The virus was initially discovered on May 28th
It is unknown if bad actors were able to acquire any information

Boston Children’s Hospital, Suffolk County

Breach Type – Unknown, Malware

Boston 25 News
February 11th, 2020

Children's hospital was victim of malware cyberattack
Over 500 healthcare professionals were affected by outage
Officials advised patient families to postpone visits

Shields Health Solutions, Norfolk County

Breach Type - Phishing, Data Breach

Data Breaches
February 9th, 2020

Employee email account accessed by unauthorized bad actors
Healthcare facility forced to utilize third party IT services
Patient records such as names and birthdates were leaked

Massachusetts General Hospital, Suffolk County

Breach Type – Hacking, Data Breach

SC Magazine
August 23rd, 2019

The data breach had exposed the sensitive data of nearly 10,000 patients of the neurology department
All of the data did not include information such as social security and any financial information, instead having information regarding genetic data and more
It was assumed that the hackers gained access through applications used by the department

ResiDex Software, Suffolk County

Breach Type - Unknown, Ransomware

PR Newswire
June 18th, 2019

ResiDex was made aware when servers were interrupted and rendered offline
Backups were utilized as systems were restored nearly the same day causing almost seamless response
Investigations were started in an attempt to see who was exposed due to how these events took place

Baystate Health of Springfield, Hampden County

Breach Type - Phishing, Data Breach

Kansas City
April 8th, 2019

Almost 12,000 patients were exposed following a data breach style attack
A phishing incident caused the exposure when affecting the accounts of several employees
Patient’s sensitive information included birth dates, health information, social security and more

Cambridge Health Alliance

Breach Type - Hack

Boston Globe
March 31st, 2018

Breach results in financial information of 2,500 patients exposed to hackers
No medical records included in the breach
Cambridge Health notified patients two months after attack
No current evidence has surfaced of hackers misusing this data

Partners Healthcare

Breach Type - Hack

Partners
February 5th, 2018

Partners monitoring systems identified suspicious malware activity
Implemented aggressive mitigation to contain malware
One server with personal data may have been affected
Partners notified patients out of abundance of caution – believing no data was misused

Massachusetts General Hospital Dental Group

Breach Type - Hack

Data Breaches
June 29th, 2016

FTP server leak (Patterson Dental Supply Inc.) also affected MGHDP
Patterson launched law-enforcement led investigation
Personal data of patients may have been compromised

Eaglesoft Software by Patterson Dental

Breach Type - Accidental Data Breach

Data Breaches
February 15th, 2016

Patterson Dental patient databases unsecured on FTP Server
Massachusetts General Hospital Dental Group included in unsecured server
The FTP server was later taken offline

Brigham and Women's Faulkner Hospital

Breach Type - Hack

Data Breaches
January 19th, 2016

Hackers used employee's credentials to access email account
Limited number of individuals affected
Emails did not contain health insurance numbers or financial information
Notified potentially affected individuals
No information on how hacker obtained credentials

Education

Suspected Cyber Attack Closes Northern Essex Community College, Essex County

Breach Type – Unknown, DoS

GovTech
March 6th, 2023

“Northern Essex Community College campuses in Haverhill and Lawrence will be closed Monday due to what is believed to be a cyber attack."
“College officials were working over the weekend to resolve the problem and said they hoped to reopen as safely and as quickly as possible. As of Sunday afternoon, the college's website was down."
"She said it appeared to be a cyber attack. The college was conducting a full systems audit to determine exactly which systems may have been affected and what impact, if any, there was on student and employee information.”

Ransomware closes schools on Nantucket Island, Nantucket County

Breach Type – Unknown, Ransomware

State Scoop
January 31st, 2023

"Students on Nantucket Island in Massachusetts were sent home early Tuesday when the local public school district incurred a ransomware attack that locked up its computers and prompted administrators to shut down multiple systems, including those related to security and safety."
”According to an email to families whose kids attend Nantucket Public Schools, the district shut down its internet connections, as well as all devices issued to students and staff."
"For this reason, our safety and security systems, including phones and security cameras, are also shut down,” Superintendent Beth Hallett wrote in the email.
”The district will remain closed Wednesday, according to a community-wide email Tuesday evening that Hallett shared with StateScoop.”
”Officials have not commented on what family of ransomware is suspected in the incident or whether there have been threats of data theft.”

Swansea cancels school Wednesday due to ransomware attack, Bristol County

Breach Type – Unknown, Ransomware

WPRI
January 3rd, 2022

“Classes have been canceled Wednesday for Swansea Public Schools following a “ransomware attack,” Superintendent John Robidoux announced Tuesday."
"Robidoux said the district’s computer network is currently shut down and principals will be calling families to inform them of the closure."
"12 News obtained a letter sent to parents of students at one Swansea elementary school, which said the network will be shut down until the issue is resolved.”

Bristol Community College's computer systems hacked in ransomware attack, Bristol County

Breach Type – Unknown, Data Breach

The Sun Chronicle
January 1, 2023

”The computer systems of Bristol Community College were hacked in a “ransomware” incident, college officials acknowledge. The college, which has a campus in Attleboro, said in a statement posted Friday on its website their computer network was hacked by a “criminal cyberattack” and “this incident involved ransomware encryption.” “We would like to thank you for your patience and flexibility over the past week as we navigate the impact of what we now know to be a criminal cyberattack, which is an attempt by hackers to damage the college’s computer network,” the college said."
"The college has discovered a network interruption issue impacting onsite internet and network functions including email, Teams, shared document sites and information systems, for students and employees,” college officials said. “At this time, Bristol Community College has no forensic evidence that this incident resulted in the unauthorized access to, or acquisition of, personal information,” the college added."
”The breach took place around Dec. 23, officials said. “The college immediately launched an investigation, in consultation with cybersecurity professionals who regularly investigate and analyze these types of incidents around the country, to determine the extent of any compromise to the information on its network,” the college said. “In the event that the investigation determines that personal information was compromised, individuals will be contacted directly with guidance and next steps.” School officials for now recommend students and staff change their passwords and report any unusual activity.”

Ransomware Attack Hits Rockland Public Schools

Breach Type – Unknown, Ransomware

Boston 25 News
May 19th, 2021

The Rockland Public School system became victims of a ransomware attack Wednesday morning
Staff won’t have access to their laptops or desktop computers for the next few days, so email would be limited
We are working with the appropriate authorities to determine the extent of the breach and to determine our path to restoration
No other information was immediately available

Haverhill School District, Essex County

Breach Type – Unknown, Ransomware

MSN
April 7th, 2021

Haverhill School District's IT department shut down the network Wednesday morning in response to the attack
Classes are out of session until the issue is resolved
Ransomware may have been delivered through a file staff clicked on

Mansfield Public Schools, Bristol County

Breach Type – Hacking, DoS

The Sun Chronicle
November 18th, 2020

Comcast was the one to confirm that the public schools were victims of a large scale DoS
The attacks began Monday and continued intermittently from there
In response mitigation tactics are taking place blocking malicious traffic

Tyngsboro School Systems, Middlesex County

Breach Type – Unknown, DDoS

WHDH
October 9th, 2020

Officials launched investigation following cyber attack causing internet outages
Schools district IT professionals determined outages were linked by distributed denial of service attack
Source of attack was discovered as a device brought into the building each morning

Springfield Public School District, Hampden County

Breach Type – Unknown, Ransomware

Bleeping Computer
October 8, 2020

Cyber attack has caused school closure due to investigations
The district contacted students and their parents stating that the school was closed due to Internet issues
Remote learning was suspended due to potential exposure in networks

Somerset Berkley Regional High School, Bristol County

Breach Type – Unknown, Ransomware

Taunton Daily Gazette
September 2nd, 2020

High school computer systems encrypted following ransomware cyberattack
IT personnel acted quickly and took remaining network offline
Local and federal law enforcement were notified, outside cybersecurity firm assisted

Chicopee Public Schools, Hampden County

Breach Type – Unknown, Ransomware

Western Mass News
November 21st, 2019

Ransomware cyberattack crippled school districts computers
Bad actors demanded $300,000 for school to retrieve locked data
Attack only hit Windows-based devices, other devices still worked

Lynn Public Schools, Essex County

Breach Type - Unknown, Malware

Item Live
March 21st, 2019

A large computer virus caused Lynn schools to be without internet
In order to isolate the threat, Lynn schools shut down their internet systems and connections
It is unknown where the virus started and when it started

Cape Cod Community College, Barnstable County

Breach Type - Phishing, Malware

Cape Cod Times
December 8th, 2018

Phishing email believed to have distributed polymorphic virus to Cape Cod Community College
Virus was embedded in malicious attachment
The malware targeted the college’s financial transactions, overwriting URL address for the college’s bank
Hackers transferred nine fraudulent funds – totaling $807,130 from the college

Leominster School District

Breach Type - Ransomware

Sentinel & Enterprise
April 26th, 2018

Files encrypted in ransomware attack and School District analyzed data at risk
No private information was accessed by hackers
In attempts to regain its network, Leominster paid $10,000 ransom to its cyber extortionists
Email system had been down for two weeks

Dracut Public Schools

Breach Type - Phishing

Lowell Sun
January 14th, 2017

Employee personal data exposed in advanced phishing scheme
No student or parent information compromised in attack
FBI and law enforcement launched investigation

Lawrence Public Schools

Breach Type - Phishing

Boston Globe
January 24th, 2016

Unspecified number of employees fell for phishing scheme
Breach may have exposed personal information of employees
No bank account information compromised
Superintendent notified personnel

Massachusetts Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in
9-1-1 Cyber News?

Follow Us!

Massachusetts Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in9-1-1 Cyber News?

Follow Us!

Want the latest in
9-1-1 Cyber News?