New Jersey Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
New Jersey.jpg
 

Public Safety

Haledon police computer breach of untold magnitude affects private citizens, Passaic County

Breach Type – Hacking, Data Breach

northjersey.com

  • “An untold number of private citizens are on alert for identity theft more than a year after local police experienced a hack of sensitive data on their computer network.”
  • “According to the chief's letter, the incident happened around June 2, 2020. The borough did not find out about it until the following month, the letter states, when an "unknown actor claimed to have removed certain databases from our network."
  • “The number of people who may be compromised by the breach, which led to an FBI probe, is undisclosed. Officials also have not said what the affected databases were used for.”
Read More

 
Trenton Police Department, Mercer County

Breach Type – Unknown, Ransomware

The Trentonian

  • Police department victim of ransomware cyberattack for second time
  • Local news indicated that department hadn't fully recovered from last attack
  • Officials were unsure about repair cost and data recovery
Read More

 
Maplewood Police Department, Essex County

Breach Type – Unknown, Malware

Data Breaches

  • A notice was released to the public about suspicious activity that was noticed on the Police Department's network
  • Following into investigations it was noted that malware was affecting the network
  • It is unknown what information was accessed potentially exposing sensitive private information
Read More

 
Montville Township & Montville Police Department, Morris County

Breach Type - Malware

Tap Into

  • Township computer systems experienced technical issues necessitating complete shutdown of all servers
  • Montville Police officials notified administration that shared drives could not be accessed
  • Township working manually
  • Spokesperson declined to comment when prompted about potential ransom
Read More
The Daily Record

  • Police Chief stated police department systems were taken offline
  • 911 calls were operational despite forced shut-down of systems
  • Second 911 hit in Morris County
Read More

 
Rockaway Township Police CAD System, Morris County

Breach Type - Ransomware

Daily Record

  • Police locked out of computer systems since Thanksgiving Day
  • Malware brought down Rockaway Police Department's email system and CAD system
  • Police fill out dispatch reports by hand, maintaining quick response times
Read More

 
Tom’s River Police Headquarters

Breach Type - Data Breach

Baltimore Sun

  • 3,700+ people effected
  • Computer assisted dispatch server was not working correctly
  • Notices sent out to people
Read More

 
Newark PD

Breach Type - Hack

NJ

  • Virus encrypts data
  • Backup systems were used by dispatchers
  • No indication that information on servers was compromised
Read More

 
BACK TO TOP

Local Government

NJ County's Email System Offline After Cyber Breach, Somerset County

Breach Type – Unknown, Malware

Government Technology

  • “Somerset County officials can’t receive or send emails following a cybersecurity breach Tuesday morning"
  • “The county “experienced a ransomware breach” this morning and as part of the county’s response, officials temporarily shuttered the county email system."
  • "Phone lines and offices remain open, although some requests are unable to be completed, like registering deeds."
Read More

 
N.J town working to restore operations after cyber breach, Mercer County

Breach Type – Phishing, Malware

NJ.com

  • “East Windsor officials confirmed Monday that the township experienced a cyber breach that wreaked havoc on its systems and is sending residents fraudulent emails — one week after officials said they first became aware of it.”
  • “Township manager Jim Brady said the breach is preventing municipal building departments from using the computer system, so a temporary system has been implemented to maintain operations and services. Computers have been temporarily set up at other municipal locations, he said. It takes “slightly more time” to complete things now, he said.”
  • “Fraudulent emails are being sent to residents from an address designed to look like an official township email address, Brady said.” “THESE EMAILS ARE NOT OFFICIAL EMAILS,”
  • “East Windsor officials notified the following entities of the breach: the New Jersey Office of Homeland Security and Preparedness, the New Jersey State Police, the United States Department of Homeland Security, and the FBI.”
  • “Township officials are investigating if residents’ personal info has been compromised and while there’s no evidence of that now, “as the investigation is ongoing this position may change,” Brady said.”
Read More

 
NJ can't print MVC documents, issue checks because of cyberattack, State of New Jersey

Breach Type – Unknown, Malware

NJ1015.com

  • “Receiving a printed state document could prove to be a challenge because of an issue with the vendor used by the state.”
  • “The state office of Office of Information Technology, which facilitates the service, said vendor R.R. Donnelley & Sons identified a “systems intrusion in its technical environment" and responded by shutting down its servers and systems, began a forensic investigation and hired a cybersecurity expert.”
  • "While we cannot disclose any specifics on an active investigation, generally speaking, this systems intrusion involved unauthorized individuals gaining access to RR Donnelly’s network and in doing so, disrupted their ability to carry out operations,"…In layman's terms, it means the system was hacked.”
  • “For New Jersey, the problem means a multi-day delay to receive certain documents including but not limited to vendor payments, disbursement checks, and motor vehicle documentation.”
Read More

 
Middletown email crash result of 'criminal cyberattack': Township, Montmouth County

Breach Type – Unkown, Malware

APP.com: USA Today Network

  • "A "criminal cyberattack" has wrought havoc with the township's computer systems, township officials said Tuesday. Details on the intrusion were sparse.”
  • The township was recently the victim of a criminal cyberattack that interrupted access to servers, including email, for approximately three weeks," township Administrator Tony Mercantante said in an email.”
  • “Some interruptions continue because the township is carefully restoring its systems to ensure all data is safe and secure," Mercantante said.”
  • "There was no word on who was behind the attack or if the township paid any ransom.”
  • “Emails from the Asbury Park Press to township recipients went unreceived as early as Oct. 7, and were still not reaching their destinations at least as recently as Oct. 18.”
Read More

 
Plumsted Township Impacted By Data Security Incident, Ocean County

Breach Type – Phishing, Data Breach

Fox 19 News

  • “This investigation determined that an unauthorized individual gained access to the Plumsted Township email environment between April 19, 2021 and May 24, 2021.”
  • ”On September 2, 2021, Plumsted Township's review determined that the account contained sensitive information and began to notify individuals who potentially had data impacted by this event.”
  • “Data privacy and security are among Plumsted Township's highest priorities, and they have worked to add further technical safeguards to their environment.”
Read More

 
Update: Who pays the ransom for NJ records taken by hackers? Taxpayers, and 'it's all preventable', Borough of Wildwood Crest Computer Systems, Cape May County

Breach Type – Hacking, Ransomware

New Jersey Herald

  • “…someone launched malware on systems that power the government of Wildwood Crest, the beachside borough with 3,000 residents agreed to pay a ransom of 1 Bitcoin, worth at the time about $7,500.” "
  • “Those ransoms aren’t all that taxpayers have shelled out because of cybersecurity breaches; …Wildwood Crest… also paid tens of thousands more to shore up their security and recover from the breaches themselves.”
Read More

 
Notice of Data Event: Borough of Wildwood Crest Computer Systems, Cape May County

Breach Type – Hacking, Ransomware

New Hampshire Department of Justice

  • “Wildwood Crest recently became aware of unusual activity on specific Wildwood Crest systems and immediately began an investigation. With the assistance of third-party computer specialists, the investigation determined that malware present in the Wildwood Crest system allowed an intruder to gain access to Wildwood Crest's systems and collect certain personal information.”
  • “Upon discovering the event, Wildwood Crest promptly changed user credentials and disabled RDP access to the Wildwood Crest systems. Wildwood Crest is also taking steps to enhance its data security; these include reviewing existing policies and procedures, reassessing existing technical and administrative safeguards, and implementing new and additional safeguards, as needed.”
  • “Upon learning of this incident, we immediately launched an investigation, which included working with expert third-party forensic investigators. As part of the investigation, we are assessing the security of our network, reassessing existing technical and administrative safeguards and we will be implementing new and additional safeguards, as needed.”
Read More

 
myNewJersey portal, State of New Jersey

Breach Type – Hacking, Data Breach

North Jersey

  • Hackers targeted the accounts of around 200 state employees in recent cyber attack
  • The breach was onto systems that hold sensitive personal and financial data
  • The portal allows employees and more enrolled in the pension system to find information such as tax and payroll records
Read More

 
The Jersey City Municipal Utilities Authority, Hudson County

Breach Type – Unknown, Ransomware

NJ

  • A law firm has been hired to investigate a recent cyber attack that blocked access to vital water and sever service
  • The ransomware lead to an emergency condition on the networks on or around September 30th
  • The agency lost vital information in the attack including documentation related to the provision of water and sewage services
Read More

 
Bernards Township, Somerset County

Breach Type – Unknown, Ransomware

NJ

  • Ransomware used in cyberattack that took out website
  • Officials confirmed that the damage was minimal
  • Law enforcement advised that their systems were unaffected
Read More

 
Town of Dover, Morris Co.

Breach Type – Unknown, Ransomware

NJ

  • Computer systems for Dover were hit in a cyberattack
  • IT officials were able to delete the virus without incident
  • Roughly 20 computers had been minimally affected
Read More

 
Union County Government System, Union Co.

Breach Type – Unknown, Ransomware

NJ

  • Cyberattack targeted county employees' email
  • Personal information remained safe during cyberattack
  • Officials stated that emergency services were unaffected
Read More

 
Township of Roxbury, Morris County

Breach Type - Unknown, Malware

Tap Into

  • Several computers were affected as the township realized that data needed to be restored from backups
  • The origin of the virus is still unknown as investigations are still underway over this seemingly isolated incident
  • It is unknown if this was a ransomware based attack as all infected files were removed
Read More

 
Mercer County Clerk, Mercer County

Phishing, Other

NJ 1015

  • Mercer county residents have been warned after phishing scam targets many email accounts
  • The offices of the county looked into claims of false invoices claiming and requesting payments
  • People were contacted to not send money or information to the fraudulent emails
Read More

 
Borough of Palisades Park, Bergen County

Breach Type – Phishing, Other

North Jersey

  • $460,000 was missing from fraudulent wire transfers
  • Emails were compromised however how is unknown
  • Theft is possibly related to a hacking attack on Borough’s computer systems
Read More

 
Borough of Oakland Administrative Systems, Bergen County

Breach Type - Malware

North Jersey

  • Malware invades Borough’s computer system
  • Breach detected just before Christmas
  • Computer virus affected Borough administrative systems exclusively
  • No evidence surfaced of damage to system or personal information compromised
  • Significant restoration to be completed
Read More

 
The Brick Township Municipal Utilities Authority, Ocean County

Breach Type - Phishing, Malware

Brick Shorebeat

  • Discovered official emails of employees available on pastebin
  • Posts do not appear to include passwords
  • NJ advises those to be cautious of spear phishing attempts
Read More

 
Bloomfield Township Website, Essex County

Breach Type - Hacking, Other

TAP into Bloomfield

  • Township of Bloomfield website hacked
  • Information Technology director working to restore webpage
  • The Township’s primary destination for official information displayed a blank page
Read More

 
New Jersey State Government & Education Employees

Breach Type - Other

New Jersey News 12

  • Discovered official emails of employees available on pastebin
  • Posts do not appear to include passwords
  • NJ advises those to be cautious of spear phishing attempts
Read More

 
Cape May County

Breach Type - Ransomware

Press of Atlantic City

  • County persecutor did not specify the groups affected in this attack
  • Fraudulent UPS link in email started the virus in one case
  • Phishing links sent out to employees
  • Multiple attacks hit this county
Read More

 
Town of Springfield, Union County

Breach Type - Hack

PR Newswire

  • PD management server used to breach information about township residents and visitors
  • All personal info of the people could be at risk
  • Town will implement better cybersecurity for future prevention of hacks
Read More

 
Newark City Hall

Breach Type - Ransomware

Tap Into Newark

  • Hacker demands $30,000 in bitcoin
  • Disrupted many services except 911
  • Malware encrypted infected files with an RAS-2048 algorithm
  • Unknown if ransom was paid
Read More

 
Town of Plainfield

Breach Type - Ransomware

CBS New York

  • Computer systems hijacked when employee clicked email link
  • Three computers infected before they could be taken offline
  • 10 years’ worth of data lost
Read More

 
BACK TO TOP

Medical

Cooper University Health Care Provides Notice of Data Security Incident, Camden County

Breach Type – Hacking, Data Breach

PR Newswire

  • “Cooper University Health Care ("Cooper"), a health system that provides treatment to its patients throughout South Jersey and the Delaware Valley, has learned of a data security incident that may have impacted data belonging to current and former Cooper patients."
  • “On December 13, 2021, Cooper learned of unusual activity involving an employee's email account. Upon discovering this activity, Cooper immediately launched an investigation with the assistance of independent cybersecurity experts to determine what happened and identify whether personal / protected health information had been accessed or acquired without authorization."
  • "The investigation revealed that an employee email account had been accessed without authorization sometime on or before November 24, 2021. Cooper then launched a comprehensive review of the contents of the email account. On May 10, 2022, Cooper learned that some individuals' personal and protected health information may have been contained therein."
  • "At this time, Cooper has no evidence that any of the potentially affected information was accessed, disclosed, or misused as a result of this incident. "
  • "The following personal and protected health information may have been involved in the incident: names, dates of birth, medical professional's names, diagnosis and treatment information, billing and claims information, and medical record number."
Read More

 
Hackers expose 4,000 Englewood Health patients' data, Bergen County

Breach Type –Hacking, Data Breach

Becker Hospital Review

  • "On Feb. 14, Englewood Health became aware that an employee's username and password had been compromised by an unauthorized third party."
  • “An investigation found the unauthorized party obtained access to patient data, including names, dates of birth and "limited health information of a limited number of Englewood Health patients." The unauthorized party had access to the information for less than 40 minutes before they were locked out of Englewood Health's network, according to the system."
  • “The system notified affected patients and offered them free credit monitoring services "out of an abundance of caution."
Read More

 
New Jersey clinic settles EHR database breach for $495k, Essex County

Breach Type – Unknown, Data Breach

Becker Hospital Review

  • "Diamond Institute for Infertility & Menopause has agreed to pay nearly $500,000 following a 2017 data breach that exposed the protected health information of more than 14,000 patients"
  • ”The infertility center in February 2017 discovered that a hacker accessed a third-party server containing an EHR database. While the database was encrypted and not exposed, supporting documents containing patients' names, birth dates, Social Security numbers, lab results and other information may have been accessible."
  • “The breach affected 14,633 individuals and allowed multiple instances of unauthorized access to the clinic's network between August 2016 and January 2017"
Read More

 
University Hospital New Jersey, Essex County

Breach Type – Unknown, Ransomware

Bleeping Computer

  • 48,000 documents were leaked following ransomware cyberattack
  • Information included 240 GB worth of data, bad actors released 1.7 GB data archive online
  • Patient information, Social Security numbers, dates of birth, and other medical information leaked
Read More
Tech Dator

  • Hospital paid Ransomware of over $600,000 to bad actors
  • Most hackers have agreed not to attack health systems during pandemic SunCrypt has made no such agreement
  • Initial Ransomware requested was over $1.7 million
Read More

 
Hackensack Meridian Health Group, Bergen County

Breach Type – Unknown, Data Breach

North Jersey

  • Personal information of donors was likely accessed following breach of third party vendor
  • Officials reassured donors that credit card and Social Security information remained unaccessed
  • Blackbaud paid the ransom that had been demanded by the bad actors
Read More

 
Hackensack Meridian Health, Edison County

Breach Type – Unknown, Ransomware

App

  • Health center forced to utilize pen and paper system
  • Ransomware was used in attack against health center
  • Officials expected operations would continue normally
Read More

 
ActivYouth Orthopaedics (Office of Dr. Ronald Snyder), Bergen County

Breach Type - Unknown, Ransomware

Data Breaches

  • Bergen County orthopedics center attacked by ransomware
  • Due to backups of patient information, most information was restored
  • They were unable to determine if patient information was stolen or compromised
Read More

 
Sunspire Health, Bergen Co.

Breach Type - Phishing, Data Breach

Health Data Management

  • Several employee email accounts affected in phishing attack
  • Sunspire secured accounts upon discovery of compromise
  • PHI of patients potentially exposed
Read More

 
Hackensack Sleep & Pulmonary Center

Breach Type - Ransomware

Healthcare IT News

  • Ransomware attack potentially breaches data of 16,476 patients
  • Malware encrypted Hackensack's EHR system
  • Hackensack refused to pay ransom
  • Reinstalled system and regained files via an unaffected backup server
Read More

 
New Jersey Spine Center

Breach Type - Ransomware

Data Breaches

  • Hackers encrypted all patient files, credit information, & backup servers
  • Ransomware variant confirmed as "CryptoWall"
  • Disabled phone system
  • NJ Spine Center paid ransom before contacting FBI
  • FBI cannot prosecute oversea hackers
Read More

 
BACK TO TOP

Education

Tenafly High School cancels finals due to ransomware attack, Bergen County

Breach Type – Unknown, Ransomware

FOX 5 News

  • "Students in Tenafly, New Jersey, have been learning the old-fashioned way since a ransomware attack crippled the school district's computer system last Thursday."
  • "The school district immediately shut down the computer system and contacted authorities — including the FBI — after recognizing signs of a ransomware attack."
  • "…would not say how much money the cyberattackers want or if the school district will pay it."
  • "The district is slowly reestablishing connections and enhancing its security systems."
Read More

 
Bernards Township School District Writes Parents About Data Breach , Franklin County

Breach Type –Hacking, Data Breach

Tap Into Basking Ridge

  • "Bernards Township School District mailed notices Wednesday that personal information may have been breached through the school computer data system last year."
  • “On April 6, 2021, the school first detected potential unauthorized access to the network. The school said it “contained the threat” and started “a prompt and thorough investigation with help from outside cybersecurity professionals.”
  • “The investigation determined that the unauthorized individuals removed certain files and folders from portions of the network"
  • "On Feb. 11 found that the impacted files and folders contained personal information, such as names, dates of birth, Social Security numbers, driver’s license and state identification numbers, financial account information, health insurance information, medical information, student record information, and online account usernames/passwords."
  • “Bernards Township School District has no evidence that any information has been misused as a result of the incident.”
Read More

 
Vulgar Messages Appear as Bridgewater Schools’ Websites Hacked

Breach Type – Hacking, Other

Patch.com

  • All 12 of the Bridgewater-Raritan School District websites appear to be hacked on Thursday night
  • The websites have been shut down.
  • This isn't the first cyberattack in the area. Hillsborough Public Schools were previously targeted in April forcing schools to close.
Read More

 
Bernards Township School District, Somerset County

Breach Type – Unknown, Malware

My Central Jersey

  • Bernards schools closed on April 7th, 2021 following cyber attack
  • Spokesperson says there is no reason to believe devices connected to the compromised servers were themselves compromised
  • Investigation is ongoing and updated protections are being put into place
Read More

 
Hillsborough Township Public Schools, Somerset County

Breach Type – Unknown, Malware

Tap Into

  • School district shut down systems per law inforcement recommendation after cyber attack
  • Classes moved from in person to virtual as a result of the attack
  • FBI investigation is ongoing
Read More

 
Somerset Hills Regional School District, Somerset County

Breach Type – Unknown, Ransomware

The Bernardsville News

  • School district's network fell victim to ransomware cyberattack
  • Officials sought assistance from third-party IT professionals
  • District's IT personnel worked closely with third-party IT to mitigate damage
Read More

 
Livingston Township, Essex County

Breach Type – Hacking, Ransomware

NJ1015

  • School district's computers hit with ransomware during Thanksgiving weekend
  • Email systems remained unaffected during the cyberattack
  • Officials worked to ensure technology was available for student use
Read More

 
Livingston Public Schools, Essex County

Breach Type – Unknown, Ransomware

ABC 7 NY

  • Ransomware cyberattack caused 2 hour delay for school district
  • Staff forced to utilize pen and paper for recording grades
  • Students issued computers in the interim, officials worked to restore data
Read More

 
Cherry Hill Public Schools District, Camden County;

Breach Type – Unknown, Ransomware

Courier Post

  • New Jersey school district was hit with ransomware cyberattack
  • Officials declined to comment on cause for computer outage
  • District remained focused on restoring computer services
Read More

 
Galloway Township Public School District, Atlantic County

Breach Type - Hacking

Press of Atlantic City

  • 800 school district employees affected in cybersecurity incident
  • Hackers completed two fraudulent wire transfers of $200,000
  • School District acted swiftly, recovering all funds
  • Staff members’ login credentials compromised
Read More

 
Irvington Public School District

Breach Type - Hack

NJ

  • Hackers send taunting email to school district
  • Email contained partial social security numbers of over 1,200 district employees
  • District working with law enforcement to identify hackers
Read More

 
Pinelands Regional School District

Breach Type - Virus/Other

The Sandpaper

  • Pinelands Regional School District falls victim to virus
  • Virus identified as "Emotet" variant
  • The program infected many of the district computers
Read More

 
Bloomfield Public School District

Breach Type - Hack

nj.com

  • Bloomfield District site was one of hundreds hacked across the U.S.
  • Pro-ISIS video displayed on site for three hours
  • FBI leading investigation
Read More

 
West Milford School District

Breach Type - Phishing

West Milford Messenger

  • Phishing scam affected google/gmail accounts
  • Employee & student contact information accessed, but no private data compromised
  • Suspended accounts temporarily and advised employees to change credentials
Read More

 
Wayne School District

Breach Type - Phishing

North Jersey

  • Wayne School District falls victim to Google Docs phishing scheme
  • Staff of the district, receiving health care benefits, potentially affected in breach
  • District will provide fraud protection at no cost
  • Secured the affected accounts & notified local authorities
Read More

 
BACK TO TOP