Image made at Canva.com
DERBY – Computer systems at the Derby Police Department may have been compromised by a third party, The Valley Independent Sentinel has learned.
The Valley Indy reached out Monday (March 17) to the police chief and Mayor Joseph DiMartino’s office for more information.
Details of what happened – or what’s happening – are not being shared with the public.
However, at the Derby Board of Aldermen & Alderwomen meeting March 13, elected officials added a discussion item to the agenda calling for an executive session “related to a matter of security pertaining to the police department’s IT system.”
The wording was advised by Derby Corporation Counsel Richard Buturla.
At a tax board meeting March 11, Derby Police Chief Scott Todd said the department was having trouble accessing data.
Four independent sources said the Derby Police Department attack seems to involve ransomware, where a third party takes control of access to data and demands payment to restore access.
Cyber attacks on police departments and local governments have been on the rise, according to a 2024 article from StateScoop, a website that covers technology in state and local governments.
Malware attacks jumped 148 percent from 2023 to 2024, while ransomware attacks jumped 51 percent, according to the publication’s reporting.
The Derby Police Department was the victim of a ransomware attack in 2018.
“The hackers took control of the police email system, payroll records and HR documents. Cyber crooks held the critical data hostage for more than 12 hours while demanding ransom,” WTNH reported at the time.
Data from the Town of Plainfield and its police department was held hostage during a ransomware attack in 2022, WTNH reported.
Smaller local governments and police departments are vulnerable to attack because they often lack the money to spend on cybersecurity and software updates, according to a 2021 article written by retired police officer Tim McMillan.
McMillan describes a ransomware attack as follows:
“In most instances, a police department suddenly finds itself locked out of the records management system that houses all of the agency’s data files, including personnel records, police reports, and investigative files.
Hackers then tell the department they have a set amount of time to make a payment, or the cybercriminals will permanently delete all of the records.
Conventional police logic says never negotiate with extortionists; however, the hackers are often savvy enough only to ask reasonably small ransoms. Typically, only asking for a few hundred dollars for a decryption key, allowing an agency to unlock all of its files.”
This story will be updated if Derby releases information.
