Dive Brief:
- St. Paul, Minnesota, announced last week that more than 75% of its digital systems have been restored after a ransomware attack caused the city to implement a full network shutdown in July.
- The city has worked with state and federal agencies — including the Federal Bureau of Investigation and the Minnesota National Guard — since the threat was detected. After the city refused to pay ransom, a threat actor exposed 43 gigabytes of data from St. Paul’s Parks and Recreation network drive in August.
- The city said it is focused on restoring critical systems first as it gradually comes back online in the aftermath of the attack.
Dive Insight:
St. Paul is not unique in being the victim of a cybersecurity attack, according to Mayor Melvin Carter.
Carter said six network security incidents have been reported across different jurisdictions in Minnesota in just the past year.
“This is a very serious threat for us, and it’s an emerging threat,” Carter said at a state legislative commission on cybersecurity Aug. 27. “As the protections get more and more sophisticated, the attacks continue to get more and more sophisticated.”
After the threat was discovered, the city implemented a full network shutdown July 28 to lock out the threat actor before beginning a secure recovery and restoration effort. It collaborated with its emergency management team to activate its emergency operations center, bringing together local, state and federal partners, including the Minnesota National Guard’s Cyber Protection Team, to begin forensic investigation and containment, according to Carter. The city’s 911 and emergency services remained active throughout the incident.
In mid-August, the city hosted a global password reset and device security check at an auditorium for city employees.
“We had closed the door with the network shutdown, now we needed to change the locks,” Carter said.
Over the course of three days, more than 3,000 city employees filtered in and out of the secure auditorium to reset their passwords and have their devices reviewed.
“It was an incredible lift,” said Carter. “Thanks to these efforts, our 3,500 St. Paul city employees now have probably the absolute longest passwords of their entire lives.”
After the Parks and Recreation network data was exposed Aug. 11, “we immediately began reviewing the files to identify impacted employees and are following all legal notification requirements,” said Jaime Wascalus, director and chief information officer of the city’s Office of Technology and Communications.
The city also offered every employee 12 months of identity theft protection and credit monitoring.
Carter credited prior efforts to shore up security, such as establishing a chief information security officer role in 2022, for ensuring the city was ready to mobilize after the attack and prevent the breach from being worse.
As the city continues to recover, its leaders hope to share lessons learned with other municipalities.
“Resilience is not built in the moment of crisis,” Carter said. “It comes from sustained investment, discipline, preparation and trusted partnerships long before an attack ever arrives.”