Federal authorities have launched a full-scale investigation into a sophisticated cyberattack that targeted multiple New Hampshire state government computer systems earlier this week, potentially compromising sensitive personal data belonging to thousands of Granite State residents. The FBI’s Boston field office confirmed its involvement on Wednesday, deploying a specialized cybercrime unit to work alongside state cybersecurity teams in assessing the full scope of what officials are describing as one of the most serious digital intrusions in the state’s history.
The attack, first detected Monday evening by the state’s IT security monitoring systems, appeared to target databases within the Department of Health and Human Services and the Department of Motor Vehicles, both of which maintain extensive records containing residents’ personal information. Officials believe the attackers employed advanced ransomware techniques, encrypting critical files and demanding payment in cryptocurrency for their release, following a pattern consistent with organized cybercriminal operations that have targeted government entities across the country.
Governor Chris Sununu addressed the situation during an emergency press conference at the State House, assuring residents that immediate steps were taken to isolate affected systems and prevent further unauthorized access to sensitive government databases. He emphasized that no ransom would be paid under any circumstances and that the state was working closely with federal partners to identify those responsible for the intrusion and hold them accountable through the full extent of applicable criminal law.
Denis Goulet, Commissioner of the Department of Information Technology, explained that the state’s cybersecurity infrastructure detected unusual network activity within hours of the initial breach, allowing teams to contain the attack before it could spread to additional critical systems across the government network. However, he acknowledged that some personal information, including names, addresses, dates of birth, and potentially Social Security numbers, may have been accessed during the window before containment was achieved, affecting an estimated 30,000 to 50,000 individuals.
Affected residents will receive formal notification letters in the coming weeks, along with detailed information about complimentary credit monitoring services and identity theft protection being offered by the state for a period of two years. A dedicated hotline has been established at 1-855-NH-CYBER for concerned citizens to call with questions about whether their data may have been compromised in the incident, and the state has partnered with a leading identity protection firm to provide support to those affected.
State lawmakers from both parties expressed serious alarm at the breach, with several calling for substantially increased funding for cybersecurity infrastructure during the upcoming legislative session. Senator Sharon Carson stated that protecting citizens’ digital information must be treated as a critical budget priority equal to physical infrastructure, noting that government agencies at all levels face growing threats from sophisticated criminal organizations and state-sponsored foreign actors seeking to exploit vulnerabilities in aging government technology systems.
Cybersecurity experts consulted by the Granite Gazette indicated that attacks targeting state and local governments have increased dramatically in recent years, with municipalities and state agencies often lacking the financial resources and specialized personnel to implement enterprise-level security measures comparable to those deployed in the private sector. They recommended that New Hampshire consider establishing a dedicated cybersecurity task force with independent authority and dedicated funding to coordinate defensive strategies across all state agencies and municipal partners.
The investigation remains active, with federal agents working to trace the origin of the attack through digital forensic analysis and identify the individuals or groups responsible for orchestrating the breach. Officials have asked anyone with relevant information to contact the FBI’s Internet Crime Complaint Center through its online reporting portal. Meanwhile, state employees across all departments have been directed to change all passwords, complete mandatory cybersecurity awareness training, and report any suspicious digital activity as part of the comprehensive immediate response protocol established following the breach discovery.
