St. Paul cyberattack stretches into another day, city says workers will get paid

A state of emergency continued Wednesday in St. Paul after officials shut down the city’s digital infrastructure and worked to the stop the spread of a cyberattack that began Friday.

Computers at city libraries and rec centers were not connected to the internet, and there was no Wi-Fi at City Hall. Online payment systems that handle water and sewer bills also weren’t functional. St. Paul’s 911 and other emergency response systems were still working, Mayor Melvin Carter said, but many other city systems remained shut down in an attempt to contain the attack.

City workers were told that they will receive a paycheck during the next pay period on Aug. 8, a city spokeswoman said.

It is not yet clear why St. Paul was targeted, officials said, or what data might be at risk.

Carter declared a state of emergency that allows the city’s departments of Emergency Management and Office of Technology and Communications to mobilize support from local, state and federal officials.

“This was a deliberate, coordinated digital attack, carried out by a sophisticated external actor, intentionally and criminally targeting our city’s information infrastructure,” Carter said Tuesday.

The mayor said he would not speculate about the motive. He added that he was not aware of any ransom request but said the FBI, not St. Paul, is leading the investigation.

Gov. Tim Walz activated National Guard cyber protection efforts to help the city.

“We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” Walz said in a prepared statement. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

An automated system called an “endpoint detection response system” alerted St. Paul to “nefarious script activity” on Friday, said Stefanie Horvath, the city’s chief information security officer.

“That’s what spurred our immediate response to take a lot of this containment action,” Horvath said.

City officials said they and their partners were working to determine how the attackers entered St. Paul’s systems.

John Israel, Minnesota IT Services’ chief information security officer, said his office encourages people to think of cybersecurity breaches as “not a matter of if, but when.”

Israel urged individuals and governments to add multifactor authentication — something already in place in St. Paul, Horvath said — and use unique passwords on all accounts.

The aftermath of such an attack can be costly, Israel said. Cleanup can cost thousands to millions of dollars depending on the complexity.

Cyberattacks on both the public and private sector are increasingly frequent, and local governments can be prime targets, said Nabil Hannan, chief information security officer for the Minneapolis-based security firm NetSPI.

“It’s pretty well-known that these agencies don’t get enough investment to get the proper type of robust defenses,” Hannan said. “Attackers are very opportunistic, and they try to find the simplest way forward.”

Carter warned that city employees’ data could have been compromised in the attack. He warned city workers to take precautions such as changing passwords for both work and personal accounts.

City officials said they have not yet determined if residents’ data is at risk, but said the city retains little personal information.

“Let me be clear: We have very limited data on specific residents,” Carter said.

Cyberattacks in other cities have exposed personal data. In Dallas, for example, the data of more than 30,000 people was exposed by a 2023 attack.

According to an IBM report, data breaches in the public and private sector had an average cost of $4.9 million in 2024.

Jaime Wascalus, St. Paul’s technology and communications director, did not have a timeline for the restoration of city online services.

Minneapolis officials say they are not experiencing any of the same issues. Ramsey County, which shares a building with the city of St. Paul, is also not affected.