The Alabama state government detected a cyberattack on May 9, 2024, which was neutralized after a 10-day coordinated response. Investigations confirmed no exfiltration of citizens' personally identifiable information (PII) and no major service disruptions. However, attackers gained unauthorized access to the usernames and passwords of some state employees’ accounts, prompting a system-wide password reset as a precautionary measure. The Alabama Office of Information Technology (OIT) did not attribute the attack to any specific actor, citing its focus on mitigation rather than attribution. While no critical data breaches or operational outages occurred, the compromise of employee credentials poses a latent risk of follow-up attacks, such as phishing or lateral movement within state systems. The incident aligns with broader trends targeting government entities, where credential theft often precedes more severe intrusions like ransomware or data exfiltration. No ransom demands or financial scams were reported in this case.
Source: https://therecord.media/alabama-cyberattack-neutralized
Alabama Office of Information Technology cybersecurity rating report: https://www.rankiteo.com/company/alabama-office-of-information-technology
"id": "ALA58105358112625",
"linkid": "alabama-office-of-information-technology",
"type": "Cyber Attack",
"date": "5/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Administration',
                        'location': 'Alabama, USA',
                        'name': 'State of Alabama (Office of Information Technology - OIT)',
                        'type': 'Government'}],
 'customer_advisories': 'No major disruptions; password resets advised for employees',
 'data_breach': {'data_exfiltration': 'No evidence of PII exfiltration',
                 'personally_identifiable_information': 'No evidence of citizen PII compromise',
                 'sensitivity_of_data': 'Moderate (employee credentials)',
                 'type_of_data_compromised': ['credentials (usernames, passwords)']},
 'date_detected': '2024-05-09',
 'date_publicly_disclosed': '2024-05-16',
 'date_resolved': '2024-05-21',
 'description': 'The government of Alabama confirmed a cyberattack on state '
                'systems, first identified on May 9. The threat was '
                'neutralized after a coordinated response, with no evidence of '
                'exfiltration of personally identifiable information (PII) of '
                'Alabama citizens or major service disruptions. Intruders '
                'gained access to usernames and passwords of some state '
                'employees’ accounts, prompting a password reset. The identity '
                'of the threat actor(s) remains unknown, and any criminal '
                'investigations will be handled by state/federal law '
                'enforcement.',
 'impact': {'data_compromised': ['usernames', 'passwords (state employees)'],
            'identity_theft_risk': 'No evidence of PII exfiltration (Alabama citizens)',
            'operational_impact': 'No major disruptions reported'},
 'investigation_status': 'Completed (threat neutralized; no attribution)',
 'post_incident_analysis': {'corrective_actions': ['Password resets',
                                                   'Coordination with cybersecurity experts']},
 'references': [{'source': 'StateScoop / Alabama OIT Public Statements'}],
 'regulatory_compliance': {'legal_actions': 'Potential state/federal investigations (unspecified)'},
 'response': {'communication_strategy': ['Public updates on May 16 and May 21'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Password resets for state employees'],
              'third_party_assistance': ['Unspecified cybersecurity experts']},
 'stakeholder_advisories': 'Public updates via OIT communications',
 'title': 'Cyberattack on Alabama State Systems'}