Ransomware Attack Targets Ardmore Police Department, Exposes Five Years of Data
On April 8, hackers breached the Ardmore, Oklahoma, police department’s servers in a ransomware attack, encrypting sensitive data and demanding payment for its release. The incident originated from a phishing email clicked the evening of April 7, allowing threat actors to deploy malicious software. By 12:05 a.m., the attackers had encrypted files, potentially exposing personal information including names, addresses, and phone numbers from police records dating back five years.
City officials confirmed that anyone whose details were logged in police reports such as accident victims or crime witnesses may have been affected. The hackers demanded $300,000 to prevent data leaks, but the city refused, citing concerns over losing access to state databases. While the breach was contained within hours, officials remain uncertain whether any data was exfiltrated. No stolen information has surfaced on the dark web, and financial records stored separately were not compromised.
The city has since strengthened its cybersecurity measures, and the FBI continues to investigate the incident. Most of the exposed data was classified as public record.
Source: https://www.kswo.com/2026/05/05/ardmore-police-database-hit-by-ransomware-attack/
Ardmore Development Authority cybersecurity rating report: https://www.rankiteo.com/company/ardmore-development-authority
"id": "ARD1778574566",
"linkid": "ardmore-development-authority",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Individuals logged in police '
'reports (e.g., accident '
'victims, crime witnesses)',
'industry': 'Law Enforcement',
'location': 'Ardmore, Oklahoma, USA',
'name': 'Ardmore Police Department',
'type': 'Government'}],
'attack_vector': 'Phishing Email',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Uncertain',
'personally_identifiable_information': 'Names, addresses, '
'phone numbers',
'sensitivity_of_data': 'Public record (mostly), but includes '
'personally identifiable information',
'type_of_data_compromised': 'Personal Information'},
'date_detected': '2024-04-08T00:05:00',
'description': 'On April 8, hackers breached the Ardmore, Oklahoma, police '
'department’s servers in a ransomware attack, encrypting '
'sensitive data and demanding payment for its release. The '
'incident originated from a phishing email clicked the evening '
'of April 7, allowing threat actors to deploy malicious '
'software. By 12:05 a.m., the attackers had encrypted files, '
'potentially exposing personal information including names, '
'addresses, and phone numbers from police records dating back '
'five years. City officials confirmed that anyone whose '
'details were logged in police reports such as accident '
'victims or crime witnesses may have been affected. The '
'hackers demanded $300,000 to prevent data leaks, but the city '
'refused, citing concerns over losing access to state '
'databases. While the breach was contained within hours, '
'officials remain uncertain whether any data was exfiltrated. '
'No stolen information has surfaced on the dark web, and '
'financial records stored separately were not compromised. The '
'city has since strengthened its cybersecurity measures, and '
'the FBI continues to investigate the incident. Most of the '
'exposed data was classified as public record.',
'impact': {'data_compromised': 'Names, addresses, phone numbers from police '
'records (5 years of data)',
'identity_theft_risk': 'Potential risk for individuals whose data '
'was exposed',
'operational_impact': 'Breach contained within hours; uncertainty '
'over data exfiltration',
'payment_information_risk': 'None (financial records not '
'compromised)',
'systems_affected': 'Police department servers'},
'initial_access_broker': {'data_sold_on_dark_web': 'No evidence of data '
'surfacing on the dark web',
'entry_point': 'Phishing Email'},
'investigation_status': 'Ongoing (FBI investigation)',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'Strengthened cybersecurity '
'measures',
'root_causes': 'Phishing email clicked by an '
'employee'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Uncertain',
'ransom_demanded': '$300,000',
'ransom_paid': 'No'},
'references': [{'source': 'Incident Description'}],
'response': {'containment_measures': 'Breach contained within hours',
'law_enforcement_notified': 'FBI',
'remediation_measures': 'Strengthened cybersecurity measures'},
'title': 'Ransomware Attack Targets Ardmore Police Department, Exposes Five '
'Years of Data',
'type': 'Ransomware'}