The Anchorage Police Department is responding to a security incident involving Whitebox Technologies, a data migration vendor that alerted officials of a breach on January 7. While there is currently no evidence that police data was stolen or systems compromised, the city has disconnected all third-party access and wiped its remaining data from the vendor's servers.
Following a security alert from Whitebox Technologies in early January, the Anchorage Police Department took immediate steps to isolate its infrastructure from the vendor. The city’s information technology team deactivated relevant servers and cut off access for all third-party service providers to prevent any potential lateral movement by hackers. This proactive response was designed to protect the data of Alaska’s largest city, which serves approximately 300,000 residents.
The IT department also managed the complete removal of Anchorage police data from the service provider's hardware to eliminate further risk. While the vendor is currently leading an independent investigation into the breach, municipal officials are maintaining close oversight of the situation. The police department emphasized that they are continuing to monitor their internal systems for any signs of unusual activity or unauthorized access.
Current assessments by the police department suggest that no sensitive information was actually acquired by the threat actors and that the department's own systems remain secure. Despite the lack of evidence of a data leak, officials have committed to implementing additional protective measures to strengthen their cybersecurity posture. They have also promised to notify any individuals who might be found to be impacted as the investigation progresses.
Spokespeople for the department clarified that this cyberattack is unrelated to a recent outage of the city's 311 system. They declined to provide specific details regarding the type of attack or the methods used by the hackers. Whitebox Technologies, which serves various government agencies in states like Washington and New Jersey, has not yet issued a public comment regarding the scope of the incident.
This event reflects a broader trend of hackers targeting the external contractors and service providers that local governments rely on for data management. By attacking these third-party links, cybercriminals can potentially gain access to multiple municipalities through a single point of entry. Similar incidents have occurred recently across the United States, highlighting the ongoing vulnerability of local government infrastructure to supply chain breaches.
Source: Anchorage Police Department Takes Servers Offline After Provider Cyberattack
Solid execution on the containment side. APD didn't wait for confirmation of data exfiltration before isolating systems and cutting vendor acces, which is exactly how you limit blast radius when third parties get compromised. I've seen orgs hesitate on vendor disconnects because of operational concerns and end up with lateral spread they cant contain. The supply chain attack surface is massive once you map all the credentials floating around with managed service providers.