Every day, there are repeated attempts by cybercriminals attempting to obtain access to digital information systems. This is not unique to Modesto and is happening every day to virtually every private business and municipality in the world.
Unfortunately, on February 3, 2023, the City of Modesto experienced a cybersecurity attack on its Information Technology (IT) systems. The attack was quickly isolated by the IT Department staff and because of the quick thinking and professionalism of our IT staff, the attack was limited to a single department. Despite this attack, City services remained available to the residents of Modesto including the response to 911 calls by our Police and Fire departments.
As part of the City’s pre-planned response to any cybersecurity attack, the City immediately engaged its cybersecurity insurance company who promptly assigned a group of cyberattack response experts to block additional intrusions, analyze and investigate the nature and scope of the attack, and to recover and restore our systems. From start to finish, the recovery process lasted approximately 5 weeks.
Our world is extremely interconnected and cyber threats have become so diverse that simply having the right technical tools in place isn’t enough to prevent attacks from happening and mitigating the fallout. It’s important to consider the human element and ensure that there is a well-trained team of experts who know what to do when something goes wrong. This was foundational to the City’s response to its recent incident.
Late last year, the City determined that incident response preparedness for events such as this through regular planning and exercising is key not only for threat detection but also threat mitigation. Simply put, because of prior investments in incident response planning and trainings that took place before this incident occurred, the team knew how to detect early warning signs, and how those should be addressed to limit the incident in a worst-case scenario.
As a part of our investigation into the incident, we conducted an extensive and thorough review of any information that may have been accessed by the threat actor who initiated the attack with the assistance of third-party forensic investigators. We have determined that some files accessed by the threat actor responsible for this attack may have included some personally identifiable information.
Although our preparation for events such as this allowed us to quickly contain the threat and significantly reduce the impact of the attack, this information was still accessed. We deeply regret that the threat actor was able to access this information and apologize to anyone who was affected by this. In accordance with applicable law, we mailed letters to any affected individuals whose information may have been involved in this incident.
We understand that some may feel like the City should have provided more information about this incident sooner. Once this incident occurred, an investigation was initiated with the assistance of cybersecurity experts in law enforcement. As a result, we were limited in the amount of information that we are able to share in order to protect the integrity of the investigation. There are still some details related to our investigation and response to this incident that we still can’t make public because it could jeopardize the security of our systems moving forward, or the integrity of our ongoing investigation.
We are incredibly grateful for our community’s support and patience as we have worked to resolve this issue. We will continue to enhance our security measures and protocols to help prevent an incident like this from reoccurring.