A cybersecurity incident discovered on Friday evening, May 9, 2025, is currently affecting Alabama’s state-operated digital infrastructure. The Office of Information Technology (OIT) has acknowledged that the breach has disrupted access to state websites, email services, and phone communications.
Preliminary assessments suggest that several state employee credentials were compromised, though the state reports that there is no indication residents’ personal data has been exposed.
The Office of Governor Kay Ivey and OIT are working with an external cybersecurity firm to investigate the scope of the breach, contain its impact, and begin restoring affected systems. State officials have pledged to provide ongoing updates, while also reminding government employees to be cautious of suspicious emails that may be part of a broader phishing campaign.
Why It Matters: Cybersecurity events at the state level can stall access to essential services, compromise sensitive employee or operational data, and expose vulnerabilities in public digital infrastructure. Alabama’s situation is a reminder of how quickly such breaches can escalate and the complexities involved in investigating and remediating them without full visibility into their origin or intent.
- Detection and Initial Response: The cybersecurity breach was first identified on the evening of May 9, 2025. The exact nature of the detected “abnormal activity” has not been disclosed, but officials stated that response teams began working immediately to assess and contain the situation. While containment efforts are ongoing, many technical specifics about the method of intrusion remain unclear.
- System Disruptions and Operational Impact: The incident has resulted in intermittent outages across a number of state-run platforms, including websites, email servers, and phone systems. Officials acknowledged the potential for delays and service limitations during the response period. There has been no indication of whether critical infrastructure, such as emergency services or health systems, was affected, nor how long disruptions are expected to last.
- Employee Credential Exposure: Some state employee usernames and passwords were confirmed to have been compromised. Officials did not disclose the number of affected accounts or whether multi-factor authentication was in place. There is currently no public evidence that more sensitive internal systems, financial records, or classified data have been accessed, though investigations are ongoing.
- External Investigation and Support: A third-party cybersecurity firm has been engaged to assist with technical investigation, forensic analysis, and system recovery. While this move aligns with industry standards during large-scale incidents, few details have been shared about the firm’s findings or the timeline for completing the investigation.
- Transparency and Cautionary Measures: The state has set up a dedicated website for public updates: www.oit.alabama.gov/cybereventMay2025. Employees are being urged to exercise caution, particularly around suspicious emails, as a precaution against possible phishing attacks. However, beyond issuing general warnings, there’s little publicly available information on whether new technical safeguards or user support measures are being rolled out in the short term.
Go Deeper -> Governor’s Press Office – State of Alabama