In the early hours of Friday, July 25, our cybersecurity protection systems detected suspicious activity on the city’s network.
That alert triggered an immediate and coordinated response—led by Deputy Mayor Jaime Tincher, Office of Technology and Communications Director Jaime Wascalus, Chief Information Security Officer Stefanie Horvath, and Emergency Management Director Rick Schute.
Working closely with state leaders and private cybersecurity experts, our teams quickly moved to investigate, assess, and contain the situation.
We now know this was not a system glitch or technical error.
This was a deliberate, coordinated digital attack, carried out by a sophisticated external actor—intentionally and criminally targeting our city’s information infrastructure.
From the moment this threat was identified, we’ve taken swift action to defend our systems and protect our community:
- We’ve activated the City’s Emergency Operations Center to coordinate a whole-of-government response.
- We’ve retained two national firms with deep cybersecurity expertise to support our recovery.
- And we’re working closely with local, state, and federal law enforcement agencies, including the FBI, to trace the source and scope of the breach.
To ensure our team has full and immediate access to every available resource, I am issuing a local declaration of emergency. This declaration gives us the tools we need to move quickly and respond with the urgency this situation demands.
Yesterday, we initiated a full shutdown of our information systems as a defensive measure to contain the threat.
The citywide service outages we experienced, including the loss of Wi-Fi in city buildings, disruptions to the library collection management system, and the temporary suspension of network access for a wide range of internal applications used by – were a direct result of that protective action.
I have been in direct contact with Governor Walz, and have formally requested emergency support from the Minnesota National Guard, whose cybersecurity experts are now actively assisting us in securing, restoring, and rebuilding our digital infrastructure.
Again, this breach was intentionally caused by a criminal external threat actor. While our investigation is ongoing—and we continue working to confirm what systems were accessed and what data, if any, may have been stolen—we are urging all city staff to take precautionary steps to safeguard their digital security, in both their professional and personal lives.
To help provide more detail on our response operations, I’m joined today by Technology Director Jaime Wascalus. Together, they are leading our cross-agency coordination and will offer further updates.
We’re also joined by Police Chief Axel Henry and Fire Assistant Chief Jeramiah Melquist, who can speak to how our emergency responders are adapting to these evolving threats—while maintaining a high state of readiness to respond to emergencies across our city. From the very beginning of this incident, preserving our ability to deliver emergency services has been a top priority, and I’m grateful for their leadership in ensuring that continuity.
Before we conclude, our team will stand for a limited number of questions. Because this remains not only an ongoing investigation, but an active and dynamic threat, we are able to provide basic information about what has happened and the steps we are taking in response—but we will not speculate on the motivations of the threat actor or share specific details about the investigation at this time.
We will continue providing updates as this work progresses. In the meantime, we remain focused on defending our systems, protecting our city, and upholding the trust of the people we serve.
Thank you.
###