Alabama Office of Information Technology is responding to a cybersecurity incident, as announced by the office on Monday, May 12.
Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, shares more details, stating, “The state of Alabama is investigating a cybersecurity event that could disrupt important state government services. The actor and scope of the attack are still unknown. Alabama Governor Kay Ivey has confirmed that some state employee usernames and passwords were compromised.”
The attack led to potential disruptions for users of the state network, including interruptions to websites, phone, and email services.
Costis provides insight on cyberattacks against government entities, saying, “This attack follows the recent trend of state and local governments falling victim to cyberattacks. Some examples include Abilene and Mission city governments in Texas, as well as Union County in Pennsylvania, which were all hit by attacks in the past two months.”
As of May 16, 2025, the office has identified the source of the incident and is proceeding with next remediation steps, including bolstering the state’s IT infrastructure.
Costis remarks, “The breach serves as another reminder of the need for government institutions to implement effective detection and prevention strategies. To best defend against attacks like this, it is critical for all organizations that manage sensitive information to rigorously test their security controls. By validating their defenses against attackers’ known tactics, techniques, and procedures (TTPs), security teams can proactively assess their security posture and identify any weaknesses. Regular testing ensures governments stay ahead of adversaries and reduces the risk of civilians’ or state officials’ information from falling into the wrong hands.”
