Two months after a cyber intrusion into the City of Suffolk’s network, officials are now notifying the public that personal information may have been accessed—though investigators still cannot confirm what data, if any, was taken.

According to the city, the Cybersecurity and Infrastructure Security Agency (CISA) alerted Suffolk on February 25 that a malicious actor may have exfiltrated data from municipal systems. It does not appear the city issued any public notification at the time.

What Happened

City officials report that a “threat actor” gained access to Suffolk’s network and attempted to deploy ransomware. Staff detected the intrusion and shut it down.

Data was possibly exfiltrated during the window of unauthorized access, the city is warning.

Suffolk acknowledges investigators still do not know what specific information—if any—was viewed or taken. The city says it’s possible that names and personally identifiable information may have been accessed.

Suffolk said the city’s management, IT staff, and third-party cybersecurity experts began investigating, securing personal information, and protecting the network.

OPTINorton 360 Deluxe for 5 Devices|Advanced AI Scam Protection | VPN & Dark Web Monitoring

The city said it reported the attack to the FBI and the Virginia Fusion Center.

The city stated that additional security measures were implemented, including engaging a strategic service provider to monitor cybersecurity systems, reviewing the system’s architecture, and implementing stronger policies.

Suffolk also claims more steps are being taken to implement additional safeguards and review policies and procedures relating to data privacy and security.

The public is advised to be on the lookout for possible identity theft and fraud, review accounts, and monitor credit reports.

Suffolk said the investigation remains ongoing.

WATCH:

Follow the Watchful Eye on X, Facebook, Instagram, Rumble & YouTube
to keep up with what’s happening in Virginia.

---