This browser does not support the Video element.
The latest on the St. Paul cyberattack
FOX 9's Rob Olson has the latest on the St. Paul cyberattack that demanded ransom.
ST. PAUL, Minn. (FOX 9) - The City of St. Paul is reaching out to thousands of people whose personal data may have been compromised in a 2025 cyberattack.
City completes notifications after cyberattack exposed personal data
What we know:
The City confirmed that a criminal group gained unauthorized access to its systems in July 2025, targeting a shared Parks and Recreation network drive. The breach led to the theft of about 43 gigabytes of data, which included sensitive information for 12,484 people, such as names, addresses, phone numbers, dates of birth and Social Security numbers.
Timeline:
The City’s cybersecurity systems first detected suspicious activity on July 25, 2025. Immediate steps included deactivating compromised accounts and isolating servers. A national cybersecurity vendor was brought in on July 26, VPN access was restricted on July 27 and the network was shut down on July 28 to fully remove the threat. After refusing to pay a ransom, the City began a detailed review of the exposed data, working with an outside vendor to identify all affected individuals.
What they're saying:
"Since the incident, the City has partnered with federal, state, and local law enforcement partners and contracted with a forensic investigator to securely review the affected data to identify individuals whose information may have been improperly accessed," city officials said. "Now that the review is complete, the City is sending out individual notifications to those impacted."
The city’s response included a rapid containment effort, dubbed Operation Secure St. Paul, which involved shutting down compromised accounts, disabling VPN access for most employees and eventually shutting down the broader network to remove the attackers. The city also refused to pay a ransom, which led to some data being posted on a leak site on Aug. 11, 2025.
Support and identity protection for affected individuals
Why you should care:
The breach affected not only current and former City employees, but also interns, volunteers and people who participated in Parks and Recreation programs. The City is offering one year of free IDX identity protection services to everyone impacted and has set up a call center at 1-888-204-2071 for questions or concerns.
What we don't know:
The City has not detailed whether any additional systems outside of Parks and Recreation were affected or if there have been any reports of identity theft resulting from the breach.
The Source: Information from the City of Saint Paul.