The Nevada state government agencies, including the Division of Insurance (DOI) and Department of Motor Vehicles (DMV), suffered a ransomware attack on August 24, disrupting critical operations. The DOI’s website remained offline for days, though phone lines and emails were partially restored. A forensic review confirmed data exfiltration, with some information moved outside the state’s network, though officials clarified that no DMV data was stolen. The attack prompted a multi-agency response, including the FBI, with state and federal teams investigating the breach. While core financial systems were reportedly secure, the incident forced the DMV to resume in-person services for registrations, title transfers, and driver’s licenses. The attack’s broader impact included system outages, staged recovery efforts, and potential risks to consumer data, though the full scope of the breach remains undisclosed. The incident highlights vulnerabilities in government infrastructure and the operational disruptions caused by cyber extortion campaigns.
TPRM report: https://www.rankiteo.com/company/nevada-division-of-insurance
"id": "nev0092600090825",
"linkid": "nevada-division-of-insurance",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'insurance regulation',
'location': 'Nevada, USA',
'name': 'Nevada Division of Insurance (DOI)',
'type': 'government agency'},
{'customers_affected': 'none (no DMV data stolen)',
'industry': 'transportation',
'location': 'Nevada, USA',
'name': 'Nevada Department of Motor Vehicles (DMV)',
'type': 'government agency'},
{'industry': 'business regulation',
'location': 'Nevada, USA',
'name': 'Nevada Department of Business and Industry',
'type': 'government agency'},
{'industry': 'automotive',
'location': 'global (HQ: UK)',
'name': 'Jaguar Land Rover',
'type': 'private company'},
{'customers_affected': '1,000,000+',
'industry': 'insurance',
'location': 'USA',
'name': 'Farmers Insurance',
'type': 'private company'},
{'industry': 'cloud CRM',
'location': 'USA',
'name': 'Salesforce (third-party vendor)',
'type': 'private company'}],
'attack_vector': ['phishing/social engineering (suspected for Salesforce '
'breach)',
'exploit of third-party vendor (Salesforce)'],
'customer_advisories': ['Nevada DMV: in-person services resumed',
'Farmers Insurance: breach notification to affected '
'customers'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': ['1,000,000+ (Farmers Insurance)',
None],
'personally_identifiable_information': ['likely (Farmers '
'Insurance)'],
'sensitivity_of_data': ['high (PII likely for Farmers '
'Insurance)',
None],
'type_of_data_compromised': ['customer records (Farmers '
'Insurance)',
'undefined state data (Nevada)']},
'date_detected': '2024-08-24T00:00:00Z',
'date_publicly_disclosed': '2024-08-28T00:00:00Z',
'description': 'The Nevada Division of Insurance (DOI) and Department of '
'Motor Vehicles (DMV) were impacted by a ransomware attack '
'identified on August 24. The attack disrupted state systems, '
'including the DOI website, which remained unavailable as of '
'August 30. Some data was exfiltrated, though no DMV data was '
'reported stolen. The state engaged in recovery efforts with '
'support from federal teams, including the FBI. Separately, '
'Jaguar Land Rover systems were disrupted by a cyber attack, '
'and Farmers Insurance reported a breach affecting over 1 '
'million customers via a third-party vendor (Salesforce), '
'linked to the hacking group ShinyHunters/Scattered Spider.',
'impact': {'brand_reputation_impact': ['potential reputational damage to '
'Nevada state agencies',
'Farmers Insurance',
'Salesforce'],
'data_compromised': ['some state data (scope undefined)',
'1+ million Farmers Insurance customer '
'records'],
'downtime': ['DOI website (since 2024-08-24, unresolved as of '
'2024-08-30)',
'DMV in-person services partially restored by '
'2024-08-29',
'Jaguar Land Rover (ongoing as of 2024-08-30)'],
'identity_theft_risk': ['high (for 1+ million Farmers Insurance '
'customers)'],
'operational_impact': ['DOI phone lines/emails restored for most '
'teams by 2024-08-28',
'DMV resumed in-person registrations/title '
'transfers (2024-08-29) and driver’s '
'license services (2024-08-30)',
'Nevada OEM created dedicated update '
'website',
'Nevada Department of Business and Industry '
'launched temporary contact page'],
'systems_affected': ['Nevada DOI website',
'Nevada DMV systems (partially restored)',
'Nevada Department of Business and Industry '
'systems',
'Jaguar Land Rover systems',
'Salesforce (third-party vendor for Farmers '
'Insurance)']},
'initial_access_broker': {'data_sold_on_dark_web': ['likely (Farmers '
'Insurance data)']},
'investigation_status': 'ongoing (FBI involved for Nevada attack)',
'motivation': ['financial gain (ransomware)',
'data theft (Salesforce breach)'],
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2024-08-30',
'source': 'Nevada Division of Insurance Facebook Post'},
{'date_accessed': '2024-08-30',
'source': 'Nevada Office of Emergency Management (OEM) '
'Webpage'},
{'date_accessed': '2024-08-29',
'source': 'News 4 (NBC affiliate)'},
{'date_accessed': '2024-08-30',
'source': 'BleepingComputer (Salesforce/Farmers Insurance '
'breach)'},
{'date_accessed': '2024-08-30',
'source': 'Jaguar Land Rover Incident Notification'}],
'response': {'communication_strategy': ['Facebook updates (Nevada DOI)',
'dedicated OEM webpage',
'media statements (Governor '
'Lombardo)'],
'containment_measures': ['some Nevada state systems taken '
'offline',
'staged restoration of services'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['around-the-clock recovery efforts '
'(Nevada)',
'temporary contact pages (Nevada agencies)',
'in-person DMV services resumed'],
'third_party_assistance': ['FBI (Nevada attack)', None]},
'stakeholder_advisories': ['Nevada OEM updates',
'Governor Lombardo’s statements',
'Farmers Insurance customer notice'],
'threat_actor': ['unknown (Nevada ransomware)',
'ShinyHunters/Scattered Spider (Salesforce/Farmers Insurance '
'breach)'],
'title': 'Ransomware Attack on Nevada State Government Agencies and Related '
'Cyber Incidents',
'type': ['ransomware', 'data breach', 'cyber attack']}