On January 11, 2024, the Town of Bourne’s IT network was compromised, triggering a criminal investigation by the Bourne Police Department. While the exact nature of the breach (e.g., ransomware, phishing, or direct hacking) was not disclosed, authorities confirmed the network was infiltrated, raising concerns over potential exposure of sensitive municipal or law enforcement data. The press release emphasized that police services remained operational, and town phone/email systems were unaffected, suggesting the attack was contained to specific segments of the IT infrastructure. However, the lack of clarity on compromised data whether internal employee records, citizen information, or operational systems leaves uncertainty about the full scope.The incident aligns with broader trends in Massachusetts, where 1 in 6 municipalities faced ransomware attacks in 2020, often involving data theft or operational disruptions. Bourne’s case, coupled with a simultaneous phishing attack in Eastham (where fraudulent emails impersonated the town manager), underscores vulnerabilities in local government cybersecurity. The state’s push for mandatory reporting via the *Municipal Empowerment Act* reflects growing recognition of such breaches as systemic risks, though Bourne’s specific losses (financial, reputational, or data-related) remain undisclosed pending investigation.
TPRM report: https://www.rankiteo.com/company/townofbourne
"id": "tow4632146110325",
"linkid": "townofbourne",
"type": "Breach",
"date": "6/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Local Government',
'location': 'Eastham, Massachusetts, USA',
'name': 'Town of Eastham',
'type': 'Municipality'},
{'industry': 'Local Government / Law Enforcement',
'location': 'Bourne, Massachusetts, USA',
'name': 'Town of Bourne (Including Bourne Police '
'Department)',
'type': 'Municipality'}],
'attack_vector': ['Phishing (Spoofed Emails)', 'Unknown (Network Compromise)'],
'customer_advisories': ['Eastham Residents Warned About Spoofed Emails from '
'Town Manager'],
'data_breach': {'personally_identifiable_information': 'None Reported '
'(Eastham)'},
'date_detected': ['2024-01-11', '2024-01-13'],
'date_publicly_disclosed': ['2024-01-11', '2024-01-13'],
'description': 'Two Cape Cod municipalities, Eastham and Bourne, experienced '
'cybersecurity incidents within one week in January 2024. '
'Eastham reported a phishing-like incident involving spoofed '
"emails from the Town Manager, while Bourne's IT network was "
'compromised, prompting a criminal investigation. No evidence '
'of sensitive data compromise was reported in Eastham, and '
"Bourne's police services remained operational despite the "
'breach. The incidents highlight broader concerns about '
'municipal cybersecurity in Massachusetts, prompting Gov. '
"Maura Healey's proposal for mandatory reporting of such "
"incidents to the state's Executive Office of Technology "
'Services and Security (EOTSS).',
'impact': {'brand_reputation_impact': 'Potential (Public Disclosure of '
'Breaches)',
'identity_theft_risk': 'None Reported (Eastham)',
'operational_impact': ['Public Advisory Issued (Eastham)',
'Criminal Investigation Launched (Bourne)'],
'systems_affected': ['Town Email System (Eastham)',
'IT Network (Bourne)']},
'initial_access_broker': {'entry_point': ['Spoofed Email (Eastham)',
'Unknown (Bourne IT Network)']},
'investigation_status': ['Ongoing (Bourne, as of January 2024)',
'Closed (Eastham, no sensitive data compromised)'],
'lessons_learned': 'The incidents underscore the need for standardized '
'cybersecurity reporting and state-level support for '
"municipalities, as highlighted by Gov. Healey's proposal. "
'Smaller municipalities often lack resources to handle '
'cyber threats independently, necessitating collaboration '
'and shared resources.',
'post_incident_analysis': {'corrective_actions': ['Proposed Statewide '
'Mandatory Reporting (H 56)',
'Increased State Funding '
'for Municipal '
'Cybersecurity ($13M)'],
'root_causes': ['Likely Phishing/Spoofing '
'(Eastham)',
'Unknown (Bourne, under '
'investigation)']},
'recommendations': ['Implement Mandatory Cybersecurity Incident Reporting for '
'Municipalities (Proposed in H 56)',
'Expand State Grant Funding for Municipal Cybersecurity '
'($13M Recently Allocated)',
'Enhance Public-Private Partnerships for Threat '
'Intelligence Sharing',
'Provide Training for Municipal Employees on Phishing and '
'Spoofing Attacks',
'Establish Statewide Cybersecurity Task Force for '
'Municipalities'],
'references': [{'source': 'State House News Service / State Affairs Pro '
'Massachusetts'},
{'source': 'NBC Boston (2020 Report on Massachusetts '
'Ransomware)'}],
'regulatory_compliance': {'regulatory_notifications': 'Proposed Mandatory '
'Reporting Under '
'Municipal Empowerment '
'Act (H 56)'},
'response': {'communication_strategy': ['Press Release (Bourne)',
'Public Advisory (Eastham)'],
'containment_measures': ['Public Warning to Delete Spoofed '
'Emails (Eastham)'],
'incident_response_plan_activated': ['Public Advisory (Eastham)',
'Criminal Investigation '
'(Bourne)'],
'law_enforcement_notified': 'Yes (Bourne Police Department)'},
'stakeholder_advisories': ['Public Advisory to Delete Spoofed Emails '
'(Eastham)',
'Joint Statement from Town of Bourne and Bourne '
'Police Department'],
'title': 'Cybersecurity Incidents in Eastham and Bourne, Massachusetts '
'(January 2024)',
'type': ['Cybersecurity Incident (Phishing/Spoofing)', 'Network Compromise']}