Alabama says ‘cybersecurity event’ could disrupt state government services

Alabama’s governor said the state is responding to a “cybersecurity event” and is advising residents to be patient with any disruptions to government website access or other communications.

Gov. Kay Ivey made the announcement on Monday morning, and local media reported later in the day that the government’s response was ongoing. Ivey’s statement said “some state employee usernames and passwords were compromised," but "it is currently believed that no Alabamian’s personally identifiable information has been retrieved.”

The incident was first detected on May 9, Ivey said, and teams from the state Office of Information Technology (OIT) “have been working around-the-clock to identify and mitigate any impacts.” OIT created a web page specifically for updates.

Investigators don’t yet know the full scope of the attack or who is responsible, Ivey said, but her statement noted that “all state employees are being reminded to be cautious for potentially malicious emails.”

As is typical for this kind of event, the state government said it brought in a third-party cybersecurity firm to help with incident response.

As of early Tuesday morning, the state had not provided further updates.

Cyberattacks on state and local government agencies have become common in recent years. Examples include Rhode Island’s benefits system, Oregon’s environmental agency and the office of Virginia’s attorney general, as well as the city governments of Abilene and Mission in Texas, and systems in a Pennsylvania county.