In 2024, the public sector faced a number of data breaches, highlighting the vulnerability of government agencies and public institutions in the face of evolving cyber threats. From leaked sensitive data to ransomware attacks targeting critical infrastructure, these incidents exposed significant gaps in cybersecurity measures. As cybercriminals grow more sophisticated, the stakes for protecting personal and national data have never been higher. This blog post explores some of the data breaches within the public sector in the last quarter of 2024, their implications and the lessons learned for increasing security in 2025.
Federal
Recent high-profile cyber attacks, such as the Salt Typhoon breach and the infiltration of the U.S. Treasury Department, highlight the need for stronger cybersecurity defenses within the federal government.
Salt Typhoon cyber attack
The Salt Typhoon cyber attack gained global attention in recent months due to its extensive impact on public sector organizations. This sophisticated and highly coordinated cyber attack has been attributed to a Chinese government-affiliated hacking group. The attackers infiltrated U.S. telecommunications networks, leveraging their access to geolocate individuals and intercept phone calls. Major telecom providers, including AT&T, Verizon and T-Mobile, were among the targets, sparking significant national security concerns.
As a result, the Cybersecurity and Infrastructure Security Agency (CISA) issued guidelines to enhance mobile communication security for high-value government targets.
Key recommendations include:
- End-to-end encrypted messaging
- Phishing-resistant authentication
- Avoid SMS-based authentication
- Regular software updates
- Use a password manager
- Set telecom account PINs
United States Treasury Department
On December 30, the United States Treasury Department reported a cybersecurity breach that has been attributed to Chinese state-sponsored hackers. The attackers exploited vulnerabilities in BeyondTrust, a third-party cloud security provider, to gain unauthorized access to unclassified Treasury documents and workstations.
BeyondTrust detected suspicious activity on December 2 and informed the Treasury on December 8 that hackers had obtained an API key for a cloud-based service used for technical support. This allowed the attackers to bypass security measures, remotely access workstations and retrieve unclassified documents.
The compromised service has since been taken offline, and the Treasury believes the hackers’ access has been terminated. CISA and the Federal Bureau of Investigation (FBI) are investigating the breach.
State and local government
Here are some recent breaches that affected state agencies and municipalities in Q4.
State of Rhode Island
In December 2024, Rhode Island’s RIBridges system, which manages public benefits such as Medicaid and SNAP, suffered a major cyber attack. Hackers infiltrated the system on December 5 and threatened to release sensitive data unless a ransom was paid. The breach potentially exposed the personal information of approximately 650,000 individuals — over half the state’s population — including names, addresses, dates of birth, Social Security numbers and some banking details.
In response, the state took the RIBridges system offline on December 13 to mitigate the threat and initiated an investigation. The system’s shutdown disrupted the processing of public assistance applications, forcing residents to use paper forms for benefits like Medicaid and SNAP. Additionally, the state’s health insurance marketplace, HealthSource RI, was affected, complicating enrollments during the open enrollment period.
On Monday, December 30, state officials announced that some residents’ files were released by the hackers to a site on the dark web. Residents who may have been affected have been advised to take steps to protect their financial information, such as freezing their credit, requesting fraud alerts and using Multi-Factor Authentication (MFA) on all accounts.
Minneapolis Park and Recreation Board
On November 20, 2024, the Minneapolis Park and Recreation Board (MPRB) experienced a cyber attack that has been attributed to the ransomware group RansomHub. The attack led to a system-wide phone outage, disrupting communication channels. As of December 30, the phone lines remained down, with temporary numbers established for public contact.
RansomHub claimed responsibility for the attack and said they have approximately 235GB of sensitive data, including financial documents, insurance certificates and personal employee information. In response to the attack, MPRB advised the public to use alternative communication methods, such as calling 911 for emergencies and emailing info@minneapolisparks.org for administrative matters.
Hoboken, New Jersey
In November 2024, the city of Hoboken, New Jersey, experienced a ransomware attack that disrupted all digital city services, leading to the closure of City Hall and suspension of municipal court and street cleaning services.
The city collaborated with federal law enforcement, the Hoboken Police Department and third-party specialists to investigate and restore services. By early December, most online services, including the sale of parking permits, were operational, though some systems like email and WiFi took longer to be restored. The city did not disclose whether any cybercriminal organization claimed responsibility for the attack. This incident comes on the heels of other cyber attacks in New Jersey, including a recent attack on American Water Works Company that disrupted billing systems, and a July attack on New Jersey City University by the Rhysida ransomware gang, causing significant disruptions before the school year.
White Lake Township, Michigan
White Lake Township in Oakland County, Michigan, experienced a sophisticated cyber attack in November that compromised a financial transaction related to a new issue of infrastructure bonds. This incident has led to the temporary suspension of the township’s $35 million civic center project, which includes plans for a new town hall and public safety facility.
Federal authorities and impacted financial institutions are actively investigating the breach in coordination with the White Lake Township Police Department. The township is also conducting a comprehensive review of its internal systems and procedures to enhance cybersecurity measures.
Education
Here are some examples of recent cyber attacks in the education sector.
Wayne-Westland Community Schools
In early December, Wayne-Westland Community Schools in Michigan faced a series of disruptions, including a districtwide cyber attack that disabled internet and phone services, a school lockdown due to a nearby police incident and a potential threat leading to a school closure. These events led to frustration among parents, with some choosing to keep their children at home due to safety concerns and perceived communication gaps from the district. Parent Lanisha Streeter mentioned, “I have no clue what’s going on right now,” highlighting the lack of clear information.
In response, the district implemented alternative communication methods, such as using cell phones and distributing WiFi hotspots to school offices. By mid-December, the district began restoring internet access, with teachers expressing relief as normalcy returned. The investigation into the cyber attack is ongoing, with officials believing that no student data was breached.
Marysville Schools
Marysville Schools in Ohio experienced a cybersecurity incident in October that led to the cancellation of classes on Monday, October 28. Schools reopened on Tuesday, October 29, but teachers and staff had limited email access and office phones were not fully operational. The district initiated its incident response plan, involving federal law enforcement and a team of IT specialists. The investigation is still ongoing, and district officials noted that privacy and security of students and staff are a top priority.
Protect against cyber attacks with Keeper Security
Keeper Security’s FedRAMP and StateRAMP Authorized Privileged Access Management (PAM) solution helps public sector organizations of all sizes strengthen cybersecurity defenses by providing unmatched protection for passwords, credentials and secrets, using a zero-trust, zero-knowledge architecture. Delegated administration and role-based enforcement policies provide system administrators with complete visibility and control over identity security and risks within their organization.
Learn how Keeper can help protect your organization’s critical data. Request a demo today.