ImageImage
Jacksonville Beach City Hall | Google Maps

#AskJAXTDY | Will Jax Beach explain its ‘cybersecurity event’?

Published on March 13, 2024 at 12:04 pm
Find everything you need to make informed decisions this election season, plus so much more.

Q: As Jacksonville Today reader Duke L. observes, Jacksonville Beach appears to still be suffering from the possible cyberattack that struck in late January and temporarily shut down city services.

Jacksonville Beach city officials first reported Jan. 29 that a “cybersecurity event” had affected its digital infrastructure. The incident forced City Hall and most city facilities to shut down, with staff emails and online activities inoperative. The incident also initially affected the city’s accounting functions.

Jacksonville Today thanks our sponsors. Become one.

Within days, City Hall reopened. Most of its staff were able to handle online work, and Beaches Energy and the city’s pollution control and water plant became fully operational, an update statement said.

But as recently as last week, Duke noticed that a City Council meeting wasn’t live-streamed. “There really seems to be no documentation other than minutes of the meetings given out weeks later,” he wrote to Jacksonville Today.

And he wonders why the city hasn’t provided more information about what actually happened, or whether the situation has been resolved.

Article continues below

Jacksonville Today thanks our sponsors. Become one.

“When will the city of Jacksonville Beach disclose what truly happened in this ‘cyber attack’ and if they’ve recovered from it?”

A: The city has never released an official cause of the cybersecurity event, only that IT teams and security specialists are doing a forensic investigation.

Asked what exactly happened, Mayor Christine Hoffman tells Jacksonville Today that the city is “providing updates when they are warranted and under the advice of the professionals who are working with us on this event.”

As for the City Council YouTube live stream, Hoffman confirms that it is not yet available, but all City Council meetings are recorded and later posted at jacksonvillebeach.org/555/City-Council-Audio-Recordings.

Jacksonville Today asked Iman Vakilinia, an assistant professor in the University of North Florida School of Computing, what a “cybersecurity incident” could refer to. In an email, he says it’s “any malicious activity or breach that compromises the confidentiality, integrity or availability of digital systems.”

“Cybersecurity incidents can happen through various means, including cyber attacks, human error, system vulnerabilities,” he says.

Vakilinia says recent news reports indicate that cyber attacks targeting government operations and hospitals have increased.

In early February, Hoffman provided the City Council with a memo saying that staff were working with police and cybersecurity specialists. But “due to the active investigation into this matter, I am limited in the details I can provide.”

“First and foremost, I want to emphasize that the safety and well-being of our community remain our top priority,” Hoffman said in the memo.

While the city encountered some challenges with its accounting functions, all pension and employee payroll is being processed, she said.

“Our IT teams and external cybersecurity specialists are conducting a thorough forensic investigation to understand the full scope of this event,” she wrote. “Concurrently, we are working diligently to safely and fully restore the technical environment, enhance our cybersecurity posture, and prevent future incidents.”

Jacksonville Today asked Vakilinia how long it could take a city government to get back to normal after a cybersecurity incident. He said recovery “can vary significantly depending on various factors, including the nature and severity of the incident, the effectiveness of the organization’s incident response plan, the extent of the damage or data loss, and the resources available for remediation.”

“In some cases, an organization may be able to resume normal operations relatively quickly, especially if the incident is promptly detected and contained and if backup systems are readily available to restore affected data and services,” Vakilinia said. “However, in more complex or severe incidents, the recovery process may take days, weeks, or even longer.”


Have a question you’d like the Jacksonville Today team to look into? Email news@jaxtoday.org with #AskJAXTDY in the subject line, and you might see your answer soon.


author image Reporter email Dan Scanlan is a veteran journalist with almost 40 years of experience in radio, television and print reporting. He has worked at various stations in the Northeast and Jacksonville. Dan also spent 34 years at The Florida Times-Union as a police and current affairs reporter.

Please enable JavaScript in your browser to complete this form.