City of St. Paul Hit by Major Cyber Attack: What You Need to Know

On July 29, 2025, the City of St. Paul, Minnesota, became the target of a deliberate, coordinated digital attack that led to widespread service disruptions and a full shutdown of municipal systems. The incident quickly escalated to a state of emergency, with the Minnesota National Guard stepping in to assist.  

What Happened in St. Paul? 

Gov. Tim Walz activated the Minnesota National Guard, including its cyber protection team, because the city’s systems were overwhelmed. Mayor Melvin Carter confirmed the city shut down all information systems to contain the threat. Public WiFi in city buildings went offline, libraries stopped digital services, and internal network access was halted.  

Officials have not confirmed if sensitive data was accessed—but the pattern aligns with ransomware-style attacks, where systems are encrypted and held hostage.  Two national cybersecurity firms were engaged for remediation, and the FBI is actively involved.  

Impact and Response of Cyber Attack on St. Paul

Key digital services, like public libraries and municipal WiFi, were unavailable. Frontline city functions, including internal communications and applications, were disrupted. However, 911 and critical emergency services remained operational.  Employees were told to take leave due to email and system outages, while residents and workers were advised to monitor their financial accounts.  

Lessons and Best Practices 

1. Proactive containment: Shutting down systems early helped limit the potential damage of the attack.  
2. Cross-agency coordination: Engaging federal, state, and national guard cyber units proved critical when local resources were exceeded.  
3. Public communication: Residents were encouraged to check for suspicious financial or account activity—advising unique passwords and possibly credit monitoring.  

Broader Context: Why Cyber Attacks in Minnesota? 

Over the past two years, Minnesota institutions have experienced multiple cyber incidents, including:

• St. Paul Public Schools exposed 43,727 student names and emails in a February data breach (no financial or sensitive data).  
• The Minnesota Department of Education, Minneapolis Public Schools, University of Minnesota, and regional school districts have all suffered breaches or ransomware disruptions.  
• In response, Minnesota rolled out a $23.5 million cybersecurity plan to support local governments, schools, and critical infrastructure.

How This Incident Relates to a Robust IT Strategy 

The cybersecurity incident in St. Paul highlights critical lessons: 

• Preparedness matters: While incident response plans and backup strategies are absolutely essential.  Holding regular tabletop exercises to test those plans is how you create preparedness. 
• Centralized visibility: Automated monitoring tools can detect anomalies before they escalate. 
• Clear communication: Regular updates reduce confusion and reinforce trust—both internally and with the public. 
• Third-party validation: Engaging external cybersecurity experts quickly can accelerate containment and recovery. 
• Strategic investment: Companies and organizations must align budgets and priorities to defend against escalating cyber threats through proactive measures. 

The City of St. Paul cyber attack serves as a stark reminder that even well-administered public systems can be brought to their knees by a determined digital threat. Swift coordination across city, state, and federal agencies, along with third-party help, made containment possible, but disruption was still significant. 

As we support clients in building repeatable, scalable, and secure IT environments, this incident underscores the value of proactive measures, rapid response protocols, and clear communication principles Thriveon champions in its mission to empower businesses through technology.

Get more information about cybersecurity and compliance.