Virginia Cyber Attacks

Infrastructure Affected

Public Safety
Back to Archive

Public Safety

Cyber Criminals Executed Attack on Bristol Police Computers, Bristol County

Breach Type – Unknown, Ransomware

Bristol Herald Courier

  • "Cyber criminals conducted a ransomware attack on the Bristol Virginia Police Department’s computers earlier this year and now appear to be trying to sell information on the dark web."
  • ”Criminals are able to externally gain control of computers via the internet and either access information to resell or demand ransom payments for owners to regain access. Eads said the city refused to pay any ransom."
  • "the Bristol Herald Courier obtained a screenshot of the apparent dark web listing, which appears to show the information is available for $30,000."
  • ” the seller claims to have extracted 2 terabytes of data, including personal data of employees, data about citizens, offenses, prosecutions, personal data of citizens, mail archives, video camera recordings, scans of documents, annual reports, budget reports and other information."
Read More

Petersburg 911 Emergency Communications Center (Petersburg City County) & City of Richmond 911 Center (Henrico County)

Breach Type - Hacking, TDoS/DDoS


  • Petersburg Bureau of Police 911 Emergency Communications Center experienced influx of calls from states along the southern part of the country
  • Influx due to callers from those jurisdictions calling (804) 777-9815 which was linked to VA 911 by a hacker
  • Police Captain urging public not to use that number
  • The national incident is also affecting City of Richmond’s 911 Center
Read More

Malware Shuts Down VA State Police

Breach Type - Hack

The Virginian Pilot

  • Agency shut down email service
  • Malware affects ability to update Sex Offender & Crime Against Children web pages
  • Daily field operations not affected
Read More


Local Government

Middleburg Weathers Cyber Attack, Loudon County

Breach Type – Phishing, Data Breach

Loudon Now News

  • “The Town of Middleburg has reached out to 102 individuals whose personal identifying information may have been accessed by “malicious actors” during data breach in late January."
  • “According to a town notice, sometime between Jan. 25 and Jan. 31 an employee’s Outlook email account was accessed by someone who then impersonated a vendor to request payment from the town. Once the breach was detected, the town worked with its IT contractor and cyber security experts to secure personal information and better protect the town’s network. No servers, systems, or other data was accessed.”
  • "There is no definitive evidence that anyone’s personal information was accessed. However, because an unknown actor gained access to the employee’s email account, we are providing this notice out of an abundance of caution. To date, we have not received any indication that anyone’s information has been misused by an unauthorized individual,” the town stated.
  • ”The town sent letters to 102 people whose information could have been access from the account to provide an update on the case, information about resources to protect their interests, and contact information if they need additional assistance.”
Read More

Hackers access several state employees' payroll data, Richmond County

Breach Type – Hacking, Data Breach

  • "Computer hackers intercepted log-in information from several state employees as the workers tried to access the state's human resources and payroll apps on their personal device”
  • ”The Department of Accounts and Virginia Information Technologies Agency took action to halt the hacking after becoming aware of it a week ago Monday."
  • “The hackers used stolen log-in information to try to access employees' banking information, the agencies said.”
  • ”So far, the agencies have identified three people who have been financially impacted by the incident.
Read More

City of Waynesboro targeted in cyber attack, Augusta County

Breach Type – Unknown, Ransomware

NBC 29 News

  • “Some personal information in floating around in cyberspace after a ransomware attack against the city of Waynesboro."
  • “The city’s manager, Mike Hamp, said in a statement they were notified of a potential cyberattack in January. It affected Waynesboro’s information technology infrastructure."
  • "Hamp declined to meet or speak with NBC29, but in the statement he says the city took immediate action to remove the attack and put in place preventative security measures to “lessen the system’s vulnerability to cyberattacks.” He goes on to say that the city and the police department are trying to identify what happened.”
  • ”The city manager added that anyone personally affected by the leak will be contacted.”
Read More

US Marshals hit with ‘major’ hack, sensitive data compromised, Arlington County

Breach Type – Hacking, Data Breach

The Hill

  • “The United States Marshals Service says it was hit with a “major” security breach over a week ago, compromising systems that contained sensitive information."
  • “U.S. Marshals Service spokesperson Drew Wade said in a statement to The Hill on Monday evening that the agency discovered the “ransomware and data exfiltration event” on Feb. 17, adding that it affected a “stand-alone” system. He said that after the discovery, the Marshals Service “disconnected” the system and the Justice Department initiated a forensic investigation.”
  • ”A senior law enforcement official told NBC News that the hack did not affect the Witness Security Program, and that no one in the program is at risk due to it. The official added that the breach affected law enforcement sensitive information about the subjects of the agency’s investigations.”
Read More

Southampton County, Virginia reports ransomware incident

Breach Type – Unknown, Ransomware

  • “On September 6, 2022, a single server at Southampton was encrypted by a cyber criminal. Fortunately, Southampton fought off this cyber-attack with no interruption to essential County operations."
  • "However, after Southampton recovered from this incident, a single W-2 form appeared on the dark web with the criminal claiming that they removed sensitive data from the encrypted Southampton server.”
  • "The server in question held some archived County information."
Read More

Hampton Public Library website hacked, redirects to adult retail store

Breach Type – Hacking, DoS

13 News Now

  • “City leaders created a new website after someone reportedly acted as a city employee to hack the public library's website domain."
  • "The Hampton Public Library is making some big changes after someone hacked the website, redirecting people to an adult retail store website.”
  • "A lot of times the threat actor gets in through a weak password or passwords that are shared. Multi-factor authentication everything that you have that next layer of authentication to get into the account."
Read More

Va. Agency's payroll management system 'paralyzed' by ransomware attack, State of Virginia

Breach Type – Unknown, Ransomware

Richmond News

  • “As Virginia struggles to control a ransomware attack on its legislative branch of government, an agency in the state’s executive branch also has been hit in a second attack that is global in scope.”
  • “The Department of Behavioral Health and Developmental Services said Tuesday that its IT system for managing employee payroll and time sheets has been “paralyzed” by a ransomware attack on the global network of the Ultimate Kronos Group, a digital cloud-based human resources management company.”
  • “At this time, we do not know if this is related to the ransomware attack over the weekend on Virginia’s legislative agencies”
  • “There is no indication that information was compromised or that any DBHDS systems have been compromised, but it is clear that the operation of the KRONOS system has been paralyzed. What we do know is staff WILL be paid their normal compensation and on time.”
Read More

Virginia state agency hit with ransomware attack, State of Virginia

Breach Type – Unknown, Ransomware

NBC News

  • “A Virginia legislative branch agency has been hit by a ransomware attack, Gov. Ralph Northam’s office said Monday.”
  • “Northam’s spokeswoman, Alena Yarmosky, confirmed the attack on Virginia’s Division of Legislative Automated Systems.”
  • “The timing of the attack is particularly problematic, as lawmakers and staff are deep into preparations for a legislative session set to start in January.”
  • “A ransom note with no specific amount or date was sent, according to the email sent Monday afternoon by Dave Burhop.”
Read More

Warren County recovering from March computer infiltration

Breach Type –Unknown, Malware

The Northern Virginia Daily

  • “Warren County continues to update its technology months after a country-wide “infiltration” hampered government computer systems.”
  • “The infiltration, which occurred in March, prevented some of the county’s departments from accessing information needed to perform certain tasks or sending and receiving email. The infiltration did not compromise county data stored on servers, officials said.”
  • “But the incident, which also affected private and public systems in other states, spurred the Warren County to upgrade its technology.”
  • “Supervisor Delores R. Oates asked Jones where the county stands on recovering data, such as old emails, lost. Jones said the process involves recovering old emails from the server and transferring that date to a person’s email account. Jones said the recovery process is about 80% complete.”
  • “The Technology Department has since updated a main computer system and trained employees on how to back up its data every night, Jones explained. The county has upgraded its phone system, Jones said. The department also completed work to connect Energov with the county’s geographic information system, which will help the building inspections department to perform its duties. The technology department has also reviewed security systems and accessibility. The county also is forming an information technology committee made up of members from each department.”
Read More

Hampton Roads Sanitation District, Virginia Beach Independent City

Breach Type – Unknown, Ransomware

The Virginian-Pilot

  • Ransomware used in cyberattack against sanitation district's network
  • Entire district's computer network was taken offline as safety precaution
  • Officials released a statement advising that customers could still make payments
Read More

City of Charlottesville, Albemarle County

Breach Type – Other, Data Breach

Daily Progress

  • Charlottesville, Virginia was victim of cyberattack for second time in a year
  • Third-party software for tax payments was breached
  • Officials unsure how many citizens were affected in the attack
Read More

City of Charlottesville, Albemarle County

Breach Type – Phishing, Data Breach

CBS 19 News

  • Over 10,000 utility customers in the Charlottesville area advised by city officials that their information was possibly leaked
  • City advised they were unaware of any misuse of the leaked information, informed affected customers to be safe
  • Leaked information included customer's names, addresses, SSNs, and driver's license information
Read More

Spotsylvania County

Breach Type – Phishing, Other


  • $600,000 was compromised in a recent phishing scheme within Spotsylvania County
  • Over half of the total sum had been restored due to Virginia State Police's efforts in restorations and investigations
  • The original intercepted payment was meant for a $1.2 Million football field for the local high school
Read More

Hanover County Online Payment System, Hanover County

Breach Type - Other, Data Breach

Data Breaches

  • Credit card information had been compromised
  • Hackers intercepted payment information
  • The system was put offline for further investigation
  • Software was completely replaced to prevent this in the future
  • County suspects all payment information was logged for months
Read More

Town of Christiansburg, Montgomery County

Breach Type - Phishing, Data Breach

Virginia First

  • Employee emails compromised in phishing scheme
  • Hackers persistently sent phishing emails to Town officials for three months
  • The Town’s customer financial data was possibly compromised in attack
Read More

Town of Round Hill, Loudoun County

Breach Type - Other, Data Breach

Round Hill VA

  • Town of Round Hill suffered data breach & destruction of electronic records
  • Data Recovery is ongoing
  • Independent technology consultant hired to perform internal investigation
Read More
Loudoun Now

  • Town put new security protocols in place
  • All passwords changed and access to servers limited
  • Utility billing files and finance records kept on different system, safe from cyber attack
Read More

Department of Environmental Quality, Richmond City

Breach Type - Hack

Richmond Times-Dispatch

  • Website content management system contained vulnerability in software
  • Vulnerability allowed hackers to access system
  • Intrusion detected and quickly detained
Read More

City of Richmond

Breach Type - Ransomware

Richmond Free Press

  • Director of Richmond's IT department claims there have been 2-3 ransomware attacks on system
  • All mitigated by IT team, using backups
  • Did not call external contractor
Read More

State of Virginia Election System

Breach Type - Hack

USA Today

  • Russian hackers attempted to infiltrate election systems during 2016 presidential elections
  • U.S. Dept. Of Homeland Security notified states of attempted breaches
  • States that were targeted included some key political battlegrounds such as Virginia
Read More

City of Charlottesville website

Breach Type - DDoS

Hack Read

  • Hacktivist group "Anonymous" takes credit for DDoS
  • Hack response to white supremacy protesters hit
  • Website forced to go offline
Read More



VXU Health data breach exposes private information on thousands of patients, Henrico County

Breach Type – Hacking, Data Breach

NBC 12 News

  • “VCU Health revealed to patients that the system had a massive data breach."
  • “In total, 4,441 patients were potentially impacted. VCU Health’s investigation determined that the information was accessible to these patients as early as Jan. 4, 2006."
  • "This data breach was not a public leak of records, but it allowed organ donors or transplant recipients with patient portal access to see each other’s private information. They would have been able to potentially access names, social security numbers, medical records, lab results and more."
Read More

Jefferson Surgical Clinic notifies 174,769 about June, 2021 data breach, Roanoke County

Breach Type – Unknown, Data Breach

  • "On January 6, Jefferson Surgical Clinic in Virginia reported a breach involving protected health information"
  • On June 5, 2021, Jefferson Surgical Clinic detected that it was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate Jefferson Surgical Clinic’s computer network."
  • "We immediately notified the FBI and launched an investigation and engaged a law firm specializing in cybersecurity and data privacy, and third-party forensic specialists to assist."
  • "That investigation has recently determined that information – including your name, date of birth, social security number, and health/treatment information – were potentially accessed by an unknown party that is not authorized to handle or view such information."
  • ”174,769 people were being notified of the incident and were being offered credit monitoring services."
Read More

AllyAlign Health, Henrico County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • A notice was sent out to patients about an exposure that occurred on their computer systems
  • Over 33,000 current and former patients were exposed leading to a pubic release
  • The Information exposed includes Social Security numbers, names, addresses and medical history, and more
Read More

Konikoff Dental Associates Harbour View, Suffolk City

Breach Type – Unknown, Data Breach


  • Officials believed data breach caused risk to personal data
  • Cyberattack breach included names, addresses, and billing information
  • Files that were most likely breached were given close examination
Read More

Chesapeake Regional Health, Chesapeake City

Breach Type – Unknown, Data Breach


  • Healthcare provider was victim of cyberattack over several months
  • Over 23,000 patients were notified that their information may have been accessed
  • Officials reassured victims that financial information remained intact
Read More

Inova Health System, Fairfax County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • Healthcare system was one of thousands that fell victim to data breach
  • Breach affected more than 1 million private individuals' information
  • Information included patient and donor names, addresses, dates of birth, and phone numbers
Read More

UVA Health System

Breach Type - Hack

NBC 29

  • Physician's devices infected with malware
  • Hacker then had access to employee's activity
  • Hacker potentially monitored private data
  • 1,882 patients have been notified of possible data compromise
Read More

Professional Dermatology Care

Breach Type - Ransomware

Health Care IT News

  • Professional Dermatology Care notified 13,237 patients of ransomware attack
  • Breach on network server encrypted patient data
  • Hackers' motive was to extract money from the practice
  • It remains unclear if ransom was paid
Read More



Superintendent confirms Virginia school system hit with ransomware attack: Daily operations impact 'minimal', Middlesex County

Breach Type – Unknown, Ransomware


  • ”Middlesex County Public Schools Superintendent Dr. Tracy Seitz confirmed late Thursday afternoon that the school system experienced a ransomware attack Thursday.”
  • ”Seitz said staffers are working to determine if any student and staff information was compromised.”
  • “Officials with the school system said they will notify people directly impacted and provide free credit reporting.”
Read More

Franklin County Public Schools back in operation after ransomware attack

Breach Type – Unknown, Ransomware


  • "Franklin County Public Schools (FCPS) were victims of a ransomware attack. Schools were closed on May 15, as a team worked to address the issue. The division said the impacts are being reviewed and students were back in class on May 16.”
  • “FCPS shared that they did not pay a ransom and that this remains an ongoing investigation.”
  • ”Currently, they do not have any evidence to believe that personal identifying information was stolen during the cyberattack, however, they added that they are still investigating and will have more information in the next few days.”
Read More

Fairfax County Public Schools breach exposed sensitve student information

Breach Type – Hacking, Data Breach

  • “FCPS’s notification for this latest incident states that on or about December 19, 2022, an unauthorized user reportedly accessed two FCPS business email accounts."
  • “The attack was detected “shortly thereafter, “but their investigation was unable to determine if the attacker had accessed or viewed any of the personal information in those two accounts. The information involved in the breach was “information that FCPS teachers use to provide certain educational services to students,” which includes their name, address, and/or certain mental or physical health history, condition, treatment, or diagnosis information…. Examples of this medical information include information about a child’s allergies or medically restricted diets, EpiPen ownership, disability or health condition (if applicable), and whether a student has a history of seizures.”
  • "On April 17, external counsel for the district notified Maryland’s Attorney General that 8 Maryland residents were affected. Letters had previously gone out to those affected on or about February 10, but the notification does not reveal the total number of students affected by the incident.”
Read More

Stratford University discloses ransomware attack — but which ransomware attack, Fairfax County

Breach Type – Unknown, Ransomware

  • "DataBreaches’ report on Stratford University was published on September 8. At some later date, the school announced it was closing at the end of that term. The closure was reportedly not related to cyberattacks but to accreditation issues and finances that had arisen in August. Stratford University has filed a breach notification with the Maine Attorney General’s Office. The report indicates that the breach occurred on August 26, 2022."
  • ”The appended notification letter, submitted to Maine appears to be reporting a single ransomware attack. There is no mention of attacks by multiple groups or data leaks by various bad actors. So which attack were they reporting? REvil’s attack had been disclosed by REvil back in April of 2022. Snatch Team added their attack to their own leak site on August 17, presumably before the attack Stratford reported as occurring August 26. On January 15, 2023, Snatch Team dumped more than 50 GB of files from the school on their leak site. And Avos Locker started leaking the school’s data on September 7. So was it the Avos attack the university reported last week? And if so, were the other attacks ever disclosed to students or employees or to regulators?"
  • "The personal information obtained in the August attack reportedly included first and last name, phone number, address, email address, date of birth, student identification number, passport number, and Social Security number. Stratford reported that a total of 78,692 individuals were affected. Presumably that is for the one incident they reported. Although the university is now closed, a breach notice is linked from their home page. DataBreaches sent an email inquiry to the university’s external counsel to inquire about the report to Maine and whether all three attacks were ever disclosed. No reply was immediately received. This post will be updated when a reply is received."
Read More

Greensville County Public Schools hit by Grief threat actors

Breach Type – Hacking, Ransomware

  • "Greensville County Public Schools in Emporia, Virginia was added to Grief’s dark web leak site on September 21. But by September 15, the district had already disclosed that they were dealing with a cyberware attack."
  • "The thousands of files that Grief dumped related to special educational evaluations, plans, and processes for students in the district’s schools. The files were date-stamped from 2017 and 2018. The student records contained differing information on each student, but generally included the student’s name, address, phone number, parent or guardian’s name, and then information on the child which might include a medical or social history"
  • " did not see any employee personal information in the data that have been dumped so far,”
Read More

Roanoke College, Roanoke County

Breach Type – Unknown, Ransomware

Bleeping Computer

  • Following cyberattack, IT officials disabled computer network
  • Bad actors utilized ransomware in their hit
  • Officials advised that restoration of shared drives had begun
Read More

Fairfax County Public Schools, Fairfax County

Breach Type – Unknown, Ransomware

NBC 4 Washington

  • Bad actors posted private information following cyberattack
  • Leaked information includes disciplinary action information on 15 different students
  • Staff potentially had social security information contained within the leak
Read More
ABC 13 News

  • Hackers have posted stolen data online
  • The nature of the information exposed and volume of data was not specified by Fairfax County public schools
  • Officials states that only subset of individuals including a limited number of students were affected by the attack
Read More

King George County Schools, King George County

Breach Type – Unknown, Ransomware

The Free Lance-Star

  • Cyberattack was a limited attack only affecting four computers
  • Data loss was minimal and no server data was affected but affected desk tops were plagued by ransomware
  • The tech team was praised for their response along with its insurer VACORP allowed for a quick and effective analysis and solution
Read More

Virginia Wesleyan University, Norfolk City

Breach Type – Unknown, Ransomware


  • Wesleyan University victim of ransomware cyberattack
  • University outsourced assistance from cybersecurity firm
  • Law enforcement was notified about affected computer systems
Read More

Smyth County Schools, Smyth County

Breach Type – Unknown, Ransomware

The Roanoke Times

  • Smyth County, Virginia school district was victim of ransomware cyberattack
  • FBI and security consultants investigated cyberattack and checked for breaches
  • Attack paralyzed school district computer network, no evidence of data breach
Read More

Chesapeake Public School District, Chesapeake City County

Breach Type - Phishing, Malware


  • Malware attack responsible for taking Virginia schools off the grid
  • Virus entered network through phishing emails sent to employees
  • Several divisions affected, including Grassfield High School who was impacted the most from the virus
Read More

Fredericksburg City Public Schools, Spotsylvania County

Breach Type - Phishing


  • Hackers used phishing scheme to infiltrate school's electronic mail and file system
  • Hackers accessed 14 school employees' emails and one employee's files
  • Private information of parents & students potentially exposed
  • Infected emails continually spread throughout Fredericksburg employees for 3 days
Read More

Gloucester County Public Schools' Website

Breach Type - Hack

Daily Press

  • Gloucester County Public Schools' website hacked
  • Hackers injected Pro-ISIS propaganda through messages, videos, and images
  • The website was one of 800 school websites targeted in a nationwide attack
Read More

Powhatan County Public Schools

Breach Type - Phishing


  • Powhatan County Public Schools fell victim to spear-phishing scheme
  • Employee sent W-2 forms to hackers
  • 905 employees potentially affected by breach
Read More