Massive CyberAttack Targets Nevada, Data Taken Out of State

A massive, targeted cyberattack last Sunday morning has crippled many Nevada agencies, rendering government websites and phone lines inoperable and closing a majority of offices until further notice.

During yesterday’s press conference in Carson City, state agency officials and FBI agents confirmed that data has been moved off the state network by “malicious actors,” calling the targeted a attack a “challenging and fluid situation” while not disclosing the the nature or extent of the data taken.

Tim Galluzi, the executive director of the Governor’s Technology Office, confirmed “the state of Nevada had become the target of a sophisticated ransom-based cybersecurity attack.”

“The process of analyzing the information to determine exactly what was taken is complex, methodical and time consuming. Speculation on the data that was affected before we have any definitive proof would be irresponsible, ” Galluzi said.

The Governor’s Technology Office was recently enhanced this last legislative session through state Senate Bill 467 to include a division named the Office of Information Security and Cyber Defense (OISCD) to manage statewide security, leading incident response, and “shoring up digital infrastructure across agencies.”

Established July 1, 2025, the OISCD’s Deputy Director Adam Miller told the press on that day:

“The state is still exploring what exactly a statewide security operations center will look like,” Miller said via email, indicating partners including the University of Nevada, Las Vegas are examining the issue. “At the end of the day, the goal is to provide a statewide solution that services all of Nevada, state agency and locality alike.”

Less than two months later, undisclosed malicious actors targeted 3.1 million Nevadans in what is considered the largest data breach in Nevada’s history.

In 2023, Caesars Entertainment Inc and MGM Resorts international endured a ransom wear attack which impacted gaming and hotel operations across multiple properties along the Las Vegas strip for nine days. Caesars reportedly paid “tens of millions of dollars” to hackers who breached their system to prevent releasing sensitive company data. Eastern European hacker gangs ALPHV and Scattered Spider claimed responsibility for the attacks.

On Monday, the Globe contacted the Governor’s office asking a series of questions related to the scope and extent of the cyberattack. We have yet to receive a response at the time of publishing.

Governor Joe Lombardo’s office has provided updates on how state services have been affected. Those updates can be found here. Emergency services have not been impacted by the attack.