The City of Greenville experienced a ransomware attack on August 5, disrupting critical technology systems, including police and municipal records. The attack rendered servers inaccessible, halting Public Information Act request fulfillments and delaying mandatory communications with the Texas Attorney General’s Office. While preliminary investigations suggest no confirmed compromise of personal data (employees or residents), the incident caused operational disruptions: intermittent phone outages, inability to process online utility payments (GEUS), and restricted access to billing systems. Emergency 911 services remained unaffected. Restoration efforts are underway, with partial recovery of police records expected soon, though full system recovery may take weeks. Third-party cybersecurity firms and legal counsel were engaged to mitigate the attack and investigate its scope.
Source: https://www.govtech.com/security/greenville-texas-restoring-services-after-cyber-attack
TPRM report: https://www.rankiteo.com/company/city-of-greenville-tx
"id": "cit535082825",
"linkid": "city-of-greenville-tx",
"type": "Ransomware",
"date": "5/2025",
"severity": "75",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'public administration',
'location': 'Greenville, Texas, USA',
'name': 'City of Greenville, Texas',
'type': 'municipal government'},
{'industry': 'energy/utilities',
'location': 'Greenville, Texas, USA',
'name': 'Greenville Electric Utility System (GEUS)',
'type': 'public utility'}],
'customer_advisories': ['GEUS customers notified of disabled online payments',
'public updates on system restoration'],
'data_breach': {'data_encryption': True,
'personally_identifiable_information': 'no evidence (as of '
'disclosure)',
'sensitivity_of_data': ['moderate (police records)',
'low (utility billing)'],
'type_of_data_compromised': ['internal files']},
'date_detected': '2024-08-05',
'date_publicly_disclosed': '2024-08-12',
'description': 'The City of Greenville, Texas, experienced a ransomware '
'attack in early August 2024, disrupting access to critical '
'systems, including police records and utility billing. The '
'city isolated affected systems, engaged third-party '
'investigators, and retained privacy counsel. While some '
'internal files were impacted, there is no current evidence of '
'compromised personal information. Restoration efforts are '
'ongoing, with partial recovery of police records expected by '
'mid-August, though full system recovery may take weeks. '
'Emergency services (911) remained operational, but '
'non-emergency services like online payments for Greenville '
'Electric Utility System (GEUS) were temporarily disrupted.',
'impact': {'data_compromised': ['internal files (police records, utility '
'billing)'],
'downtime': {'geus_online_payments': None,
'police_records': 'weeks (partial restoration '
'expected by 2024-08-13)',
'public_information_act_requests': 'pending (20 '
'requests '
'unfulfilled)'},
'identity_theft_risk': 'no evidence (as of disclosure)',
'operational_impact': ['inability to fulfill Public Information '
'Act requests',
'delayed Attorney General rulings on '
'records',
'intermittent phone outages',
'GEUS online payments disabled'],
'systems_affected': ['city servers',
'police records system',
'Greenville Electric Utility System (GEUS) '
'billing/payment system',
'phone lines (intermittent outages)']},
'initial_access_broker': {'high_value_targets': ['police records',
'utility billing systems']},
'investigation_status': 'ongoing (third-party investigation)',
'ransomware': {'data_encryption': True},
'references': [{'date_accessed': '2024-08-12',
'source': 'Texas Attorney General’s Office'},
{'date_accessed': '2024-08-12',
'source': 'The News-Sentinel (TNS)'}],
'regulatory_compliance': {'regulatory_notifications': ['Texas Attorney '
'General’s Office '
'(disclosure)']},
'response': {'communication_strategy': ['public disclosure via Texas Attorney '
'General’s Office (2024-08-12)',
'updates on system restoration '
'progress'],
'containment_measures': ['isolated affected systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['restoration of police records system '
'(partial by 2024-08-13)',
'gradual recovery of other files/systems'],
'third_party_assistance': ['privacy counsel',
'third-party cybersecurity firm '
'(investigation/mitigation)']},
'title': 'Ransomware Attack on the City of Greenville, Texas',
'type': 'ransomware'}