The City of Atlanta is committed to making sure that employees and the public are kept informed after a March 22 ransomware cyberattack affected multiple applications and client devices. A cross-functional team, including public and private sector partners, is working around-the-clock assessing what occurred and how best to protect our city from not just this attack, but others the city may face in the future.
While some customer applications are disabled, the City continues to operate and is open for business on behalf of its residents. City employees and residents are encouraged to visit this site regularly for updates.
Frequently Asked Questions (FAQs)
About the Incident:
Q. What happened?
A. On Thursday, March 22, the City of Atlanta experienced a ransomware cyberattack that affected multiple applications and client devices. As a result, some City data is encrypted and customers are not able to access City applications. Atlanta Information Management (AIM), the City’s technology department, is working to restore service.
Q. How was the city made aware of the attack?
A. AIM officials were made aware of an outage on Thursday, March 22 at 5:40 a.m., which affected various internal and customer facing applications that are used to pay bills or access court related information.
Q. What course of action was taken upon learning of the attack?
A. A cross-functional incident response team was assembled with both the public and private sector, including not only City officials, but law enforcement, the FBI, Department of Homeland Security, the Secret Service and independent forensic experts to help us assess what occurred and how best to protect our city from not just this attack, but others the city may face in the future.
Q. Who is investigating the attack? What have you learned from the investigation so far?
A. The City is working with numerous private and governmental partners, including Homeland Security and the Secret Service. The extent of the compromise is still being investigated. As a precaution, we are operating and investigating the matter as if personal, financial or employee data have been compromised.
Q. What are you doing to fix the problem? How long will it take?
A. Our cross-functional incident response team is looking into this matter and working around-the- clock. It would be inappropriate to speculate on when this matter will be fixed, but we are committed to resolution.
Q. What information may have been affected? Is there evidence of misuse?
A. At this time, we have not seen any evidence that personal information has been misused as a result of this incident. However, as always, residents are encouraged to take precautionary measures to maintain the safety and security of their personal information.