Officials in New Britain are still assessing the damage more than two months after a cyberattack hit city systems, potentially exposing some personal information.
A spokesperson for Mayor Bobby Sanchez said recently that there's no indication of widespread exposure of resident data. However, hackers may have gained access to some sensitive records during the Jan. 28 incident, including names, dates of birth, government-issued identification numbers and financial account and health-related information, according to the city.
Officials have released few details about what occurred, citing the ongoing investigation.
“Investigations of this nature are complex and must be handled carefully to protect the integrity of the review, support any potential law enforcement activity, and ensure accurate information is shared,” said Alisha Rayner, the mayor's spokesperson.
The city detected the attack after an employee spotted unusual activity on a workstation. Several municipal systems "experienced disruption" during the incident, though an investigation found the "unauthorized activity was more limited in scope," according to the city.
Cyberattacks on cities and towns have grown more common. Hackers breach or damage computer systems to steal sensitive data or hold systems for ransom — a scenario officials in New Britain faced, according to Evan Allard, the director of the Connecticut Intelligence Center, which is a part of the state Department of Emergency Services and Public Protection.
“Any organization that has sensitive or private data that you know they want to keep within their own systems, these ransomware actors are targeting them because it creates a sense of urgency towards paying it back,” Allard said.
New Britain consulted with a team of response experts at Cowbell Resiliency Services to determine the best course of action. It’s unclear whether the city paid a ransom. Responding by email to questions from Connecticut Public, Rayner said the city evaluated multiple response options, including restoring from backups.
"Based on that assessment, including operational impact, recovery timelines, and overall cost considerations, a course of action was taken to resolve the incident as quickly and securely as possible," Rayner wrote.
Rayner said the financial hit to the city was limited because New Britain carries cybersecurity insurance. It has a $25,000 deductible under the policy, she said.
New Britain is providing credit monitoring and identity protection services to people who were potentially impacted.
While the investigation continues, the Common Council voted to replace New Britain's existing cybersecurity system. The city executed a three-year contract with Cowbell Resiliency Services that includes round-the-clock security monitoring for a cost of $66,000 per year.
“It's a full-on platform that is a little bit more enhanced and at a larger cost," Jonathan Delgadillo, the city’s director of support services, said at a recent meeting. "But again, I think it's the best thing for the city,”
New Britain Alderman John McNamara said he's satisfied with the city’s handling of the cyberattack.
“I believe the city is taking appropriate steps and is advising city employees and taxpayers on what's going on with it,” McNamara said. “I’m looking for additional reports and to take action in terms of anything that has to be improved upon.”
