Two Boston city councilors are sounding the alarm on a “security breach” that occurred this week at City Hall, where an intruder was given free rein to rifle through office suites and steal wallets stuffed with cash and credit cards from employees.
Councilors Ed Flynn and Erin Murphy are calling for the city to tighten up security protocols in light of the intrusion and theft revealed in an email from the city’s property management department that was sent to City Hall staff on Tuesday and obtained by the Herald.
Meanwhile, Mayor Michelle Wu’s office said steps have already been taken to increase security patrols in response to the incident and a review is underway to determine whether protocols should be enhanced further.
“Yesterday, an unauthorized member of the public entered several office suites in City Hall and stole personal belongings from employees,” Tuesday’s email from the city states. “Property management and Boston Police are aware of the incidents and are collaborating on the investigation, as this is unacceptable and clearly violates feelings of trust and safety in our workplace.
“While City Hall is a welcoming building open to the public, only authorized personnel are allowed in office suites. This is a reminder that all staff need to be diligent, questioning any unfamiliar individuals within office suites, protecting all personal belongings, and alerting security of any suspicious behavior.”
Multiple Boston Police Department reports shed more light on th
City of Boston cybersecurity rating report: https://www.rankiteo.com/company/city-of-boston
"id": "CIT1764872965",
"linkid": "city-of-boston",
"type": "Breach",
"date": "12/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'incident': {'affected_entities': [{'customers_affected': 'City Hall '
'employees',
'industry': 'Public Administration',
'location': 'Boston, Massachusetts, USA',
'name': 'City of Boston (City Hall)',
'size': 'Large (municipal government)',
'type': 'Government'}],
'attack_vector': 'Unauthorized physical access',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'An unauthorized individual gained access to '
'multiple office suites in Boston City Hall, '
'stealing personal belongings, including wallets '
'with cash and credit cards, from employees. The '
'incident has prompted calls for tighter security '
'protocols and a review of existing measures.',
'impact': {'brand_reputation_impact': 'Negative impact on public '
'trust in City Hall '
'security',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': 'Cash and credit cards stolen',
'identity_theft_risk': 'Potential risk due to stolen '
'credit cards and personal '
'belongings',
'legal_liabilities': None,
'operational_impact': 'Violation of workplace trust '
'and safety',
'payment_information_risk': 'Stolen credit cards',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (collaboration between Property '
'Management and Boston Police)',
'lessons_learned': 'Need for stricter access controls and '
'employee vigilance in public-facing '
'government buildings.',
'motivation': 'Opportunistic theft',
'post_incident_analysis': {'corrective_actions': 'Review and '
'enhancement of '
'security '
'protocols, '
'increased '
'patrols, and '
'potential '
'additional '
'access '
'restrictions.',
'root_causes': 'Insufficient physical '
'security measures and '
'access controls in '
'office suites.'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Enhance security protocols, increase '
'patrols, and reinforce employee training on '
'identifying and reporting suspicious '
'individuals.',
'references': [{'date_accessed': None,
'source': 'Boston Herald',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Email notification to '
'City Hall staff',
'containment_measures': 'Increased security patrols',
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Boston Police '
'Department',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'Review of security '
'protocols',
'third_party_assistance': None},
'stakeholder_advisories': 'City Hall staff advised to be '
'diligent, question unfamiliar '
'individuals, and report suspicious '
'behavior.',
'threat_actor': 'Unauthorized individual (identity unknown)',
'title': 'Security Breach at Boston City Hall Involving '
'Unauthorized Access and Theft',
'type': 'Physical Security Breach, Theft',
'vulnerability_exploited': 'Insufficient access controls and '
'monitoring in office suites'}}