Case studies
Three mornings every small municipality should rehearse.
Illustrative composites built from real engagements. Names, jurisdiction, and identifying details changed; timeline and decision points are real.
Ransomware (known family, decryptor available)
A 12,000-population town's first 90 minutes.
Ransomware across permitting, tax, and utility billing — handled before lunch.
- Size
- ≈12,000 residents
- Jurisdiction
- US municipality (state undisclosed)
- Outcome
- Recovered to a 3-week-old backup; lost intervening data; no ransom paid.
Business email compromise (BEC) targeting accounts payable
The wire that almost left on a Friday afternoon.
A treasurer's mailbox compromise caught by a paper countersign rule — with eleven minutes to spare.
- Size
- ≈34,000 residents
- Jurisdiction
- Canadian mid-sized town
- Outcome
- Wire intercepted at the bank; funds never left; full forensic scope contained over the weekend.
Credential stuffing on a municipal CMS admin account
The defaced library homepage at 11pm on a long weekend.
A CivicPlus credential-stuffing hit, a public-facing page rewritten, and a 19-minute response that kept residents informed.
- Size
- ≈58,000 residents
- Jurisdiction
- US municipality (county-seat city)
- Outcome
- Page restored in 19 minutes; no resident data exposed; admin MFA rolled out site-wide the next business day.