Alabama state government says cyber incident’s effects are limited, but response continues

Alabama’s technology office says a “cybersecurity event” first discovered May 9 has not caused major disruptions to state services, but incident responders are still working around the clock to contain its effects.

In an update posted Tuesday, the Office of Information Technology (OIT) said it has called in two incident response teams from third-party firms, “maintaining 24 hours-a-day, 7 days-a-week mitigation activities as technical specialists work extended shifts to ensure a continuous, uninterrupted response to this event.”

OIT has not described the nature of the incident, but a statement Monday from Gov. Kay Ivey said that state employees had been reminded to be careful with suspicious emails, and that it appeared some employee passwords had been compromised.

Tuesday’s update said all state agencies had been asked to reset employee passwords.

“At this time, no major disruptions to State services have been traced to the event and there is no evidence of exfiltration of the personally identifiable information of Alabama citizens,” the OIT update said.

Public information about the incident has been limited.

“As this is an active, ongoing investigation, updates will be provided as new information becomes available and security protocol allows,” the agency said. “OIT is working diligently to balance transparency and security interests as this situation progresses.”

The state government has about 29,000 employees across two dozen agencies, according to the most recent report from its personnel office.