Cyberthreat to Alabama state government ‘neutralized’

The government of Alabama says it has wrapped up the response to a cyberattack on state systems that was first identified about 10 days ago, and it won’t be offering further details about the nature of the incident.

“Following a thorough investigation and coordinated response, OIT can confirm that the threat has been neutralized and Alabama’s core operations are safe and stable,” the state Office of Information Technology (OIT) said in an update Tuesday.

OIT said it worked with unspecified “cybersecurity experts” to respond to the attack, which was first discovered on May 9. 

A May 16 post said there was “no evidence of exfiltration of the personally identifiable information of Alabama citizens,” and there had been no major disruptions in services.

“The public will undoubtedly be curious to know the identity of the bad actor(s) behind this event,” Tuesday’s update said. “Unfortunately, OIT is unable to attribute this attack to any specific individual or organization as our efforts have been solely focused on responding to and mitigating the threat.”

Previous communications had said the intruders had gained access to usernames and passwords of some state employees’ accounts. OIT asked agencies to reset passwords as a precaution.

“Any possible criminal investigations related to this event will be handled by the appropriate state and federal law enforcement agencies, and OIT will gladly offer its support to those investigations if requested,” OIT said Tuesday.

Typical cyberthreats to state and local governments include ransomware and financial scams. A recent example is a data breach in Rhode Island’s state benefits system. Officials there released a timeline of the incident last week.

Oregon’s environmental agency said in late April that it was working on a report about a cyberattack earlier in the month. Officials had not engaged in any negotiations with the attackers, the agency said.