The City of St. Joseph suffered a ransomware-driven cyberattack in early June, crippling its network for weeks and potentially exposing personal data of ~11,000 residents, including records from police and health departments. Critical services (emails, phones, file access, payment systems) were paralyzed, forcing staff to rely on hotspots, personal devices, or outdated records. Police, fire, and emergency dispatch remained operational via contingency protocols, but public-facing operations (e.g., customer payments, business coordination) faced severe disruptions. The city spent over $1 million on cybersecurity upgrades (servers, firewalls, threat protection, MFA) and a $50,000 insurance deductible. While no evidence of data misuse was found, residents received free credit monitoring due to exposure risks. The attack also delayed public crime reports and caused long-term operational strain, with some processes still interrupted months later. A former staffer quit due to the chaos, citing stress from manual workarounds and security concerns over credit card transactions during the breach.
TPRM report: https://www.rankiteo.com/company/city-of-st.-joseph
"id": "cit3592135090825",
"linkid": "city-of-st.-joseph",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '11,000 residents (notified via '
'letters)',
'industry': 'Public Administration',
'location': 'St. Joseph, Missouri, USA',
'name': 'City of St. Joseph, Missouri',
'type': 'Municipal Government'},
{'industry': 'Public Safety',
'location': 'St. Joseph, Missouri, USA',
'name': 'St. Joseph Police Department',
'type': 'Law Enforcement Agency'},
{'industry': 'Healthcare',
'location': 'St. Joseph, Missouri, USA',
'name': 'St. Joseph Health Department',
'type': 'Public Health Agency'},
{'industry': 'Public Safety',
'location': 'St. Joseph, Missouri, USA',
'name': 'St. Joseph Fire Department',
'type': 'Emergency Services'}],
'customer_advisories': 'Public announcements via Facebook and press releases; '
'direct letters to affected individuals',
'data_breach': {'data_exfiltration': 'Possible (unauthorized third party may '
'have acquired files)',
'number_of_records_exposed': '11,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['Personal information',
'Police records',
'Health department records']},
'date_detected': '2024-06-09T02:30:00',
'date_publicly_disclosed': '2024-06-09',
'description': 'The City of St. Joseph, Missouri, suffered a significant '
'cyberattack in early June 2024, which disrupted network '
'services for an extended period and potentially exposed the '
'personal data of approximately 11,000 residents. The attack, '
'suspected to involve ransomware, crippled critical city '
'operations, including police and health department systems. '
'The city spent over $1 million on cybersecurity upgrades and '
'recovery efforts, with notifications sent to affected '
'residents offering credit monitoring and identity theft '
'protection services.',
'impact': {'brand_reputation_impact': 'Negative (public distrust due to '
'delayed notifications and operational '
'chaos)',
'customer_complaints': 'Likely (due to service disruptions and '
'lack of clarity)',
'data_compromised': 'Personal information of ~11,000 residents, '
'including records from police and health '
'departments',
'downtime': 'Extended period (weeks to months; some processes '
'still disrupted as of September 2024)',
'financial_loss': '$1,000,000+ (cybersecurity upgrades and '
'recovery costs)',
'identity_theft_risk': 'High (credit monitoring offered to 11,000 '
'residents)',
'legal_liabilities': 'Potential (under Missouri’s data breach '
'notification law; no fines confirmed yet)',
'operational_impact': 'Severe disruption to daily business, '
'including public safety coordination, '
'customer payments, and record access. '
'Workarounds implemented for essential '
'services.',
'payment_information_risk': 'High (employee concerns over credit '
'card transactions during breach)',
'systems_affected': ['Network services',
'Email server',
'File access',
'Communication systems',
'Police and Fire Department operations',
'Customer payment systems']},
'initial_access_broker': {'high_value_targets': ['Police records',
'Health department records',
'Customer payment systems']},
'investigation_status': 'Concluded (as of September 4, 2024; electronic '
'discovery completed)',
'post_incident_analysis': {'corrective_actions': ['$1M+ infrastructure '
'upgrades',
'Security licensing for '
'threat protection',
'Improved backup processes',
'Multifactor authentication '
'implementation']},
'ransomware': {'data_encryption': 'Likely (ransom notes observed by '
'employees)',
'data_exfiltration': 'Possible'},
'references': [{'source': 'News-Press NOW'},
{'source': 'City of St. Joseph Press Release (June 9, 2024)'},
{'source': 'City of St. Joseph Press Release (September 2024)'},
{'source': 'Sunshine Law Request Documents (Emails, Insurance '
'Claims)'}],
'regulatory_compliance': {'fines_imposed': 'None reported',
'regulations_violated': ['Missouri Data Breach '
'Notification Law (2009)'],
'regulatory_notifications': 'Letters to 11,000 '
'affected residents (as '
'required by law)'},
'response': {'communication_strategy': ['Initial Facebook announcement (June '
'9)',
'Press release (June 26 and '
'September)',
'Letters to 11,000 affected residents '
'with credit monitoring offers'],
'containment_measures': ['Immediate network shutdown at all '
'locations',
'Isolation of affected systems'],
'enhanced_monitoring': 'Likely (part of $1M+ infrastructure '
'upgrades)',
'incident_response_plan_activated': 'Yes (network shutdown, IT '
'investigation, third-party '
'specialists engaged)',
'law_enforcement_notified': 'Yes',
'recovery_measures': ['Purchased new servers, firewalls, '
'networking equipment, and data storage '
'solutions',
'Improved backup processes',
'Security licensing for threat protection, '
'firewall, email, endpoint security, '
'DNS-layer defense, and MFA'],
'remediation_measures': ['Wiped and rebuilt affected systems',
'Bolstered network security'],
'third_party_assistance': 'Yes (outside IT specialists, Tokio '
'Marine HCC for risk assessment, CBIZ '
'Insurance Services)'},
'stakeholder_advisories': 'Letters to 11,000 residents with credit monitoring '
'offers',
'title': 'Cyberattack on the City of St. Joseph, Missouri',
'type': ['Data Breach', 'Ransomware Attack']}