The City of Coppell, Texas, has started notifying 16,835 residents of a data breach following its cyber attack in October 2024. The following data has been impacted:
- Social Security numbers
- Driver’s license numbers
- Credit card information
- Financial account information
- Certain medical/health insurance information
At the time, the attack caused significant disruption to the city’s services, with city staff being unable to access a number of systems, records, and data. It took around a week for these systems and phone lines to be restored.
In its notification, the city states: “The City was the victim of an unknown third party gaining unauthorized access to the City network environment on October 23, 2024. Automated security systems responded immediately, helping to contain and mitigate the impact.”
Ransomware gang RansomHub came forward to claim the attack in November, alleging that it had stolen 442 GB of data.
The City of Coppell hasn’t confirmed RansomHub’s claims or whether or not a ransom was demanded/paid. It is, however, offering anyone impacted in the breach access to one year of free credit monitoring, cyber monitoring, and identity theft protection services via Privacy Solutions.
Who is RansomHub?
In 2024, RansomHub was responsible for 118 confirmed attacks and a further 428 unconfirmed attacks. So far this year, it’s been confirmed as the group behind eight attacks on government entities (out of a total of 27 confirmed attacks), including:
- The City of Tarrant, US
- Sault Ste. Marie Tribe of Chippewa Indians, US
- South African Weather Service
- ELECGALAPAGOS S.A., Ecuador
The South African Weather Service was targeted in January, while the remainder were hit in February 2025.
Since March, however, RansomHub has “gone dark” with many suggesting its affiliates have moved to other gangs, such as Qilin.
Ransomware attacks on US government organizations
Throughout 2024, we noted 95 confirmed attacks on US government entities. And so far this year, we’ve seen another 35. As our recent H1 report for 2025 found, government entities remain a key target for ransomware groups with attacks (worldwide) increasing by 60 percent from H1 2024 to H1 2025.
Last month alone, the following US government organizations confirmed attacks:
- City of Durant, Oklahoma – claimed by INC with 800 GB allegedly stolen
- Mower County, Minnesota – unknown hackers
- Taos County, New Mexico – claimed by Kairos with 1.94 TB of data allegedly stolen
- City of Green River, Wyoming – unknown hackers
- City of Thomasville, North Carolina – also claimed by INC with 250 GB allegedly stolen
As we are seeing with this attack on the City of Coppell, ransomware attacks on government entities not only have the potential to cause widespread disruption through the encryption of systems but can have a long-term effect when data is stolen.
About the City of Coppell
The City of Coppell is situated in the northwest corner of Dallas County and is home to over 43,000 people.
