How did the New Bedford email breach occur?

The breach occurred when the Parks and Recreation Director opened a phishing email disguised as a message from a local nonprofit, which allowed unauthorized access to her official account.

Which systems were affected by the attack?

The attack targeted the city's Microsoft-hosted email platform. Officials stated that the city's internal servers, data, and hardware were not affected.

What data was exposed in the incident?

The exposed data includes the director's email contact list and potentially the contents of her ingoing and outgoing email communications.

What steps did the city take to remediate the breach?

The IT department disabled the affected account, reset the password, revoked all active sessions, and blocked further sign-in attempts to stop the spam distribution.

What should recipients of the suspicious emails do?

Recipients are advised to delete the emails immediately and avoid clicking any links or opening attachments to prevent further security compromises.

Incident

City of New Bedford Email Account Compromised in Phishing Attack

published: March 19, 2026

Learn More

The City of New Bedford, a municipality in Massachusetts, confirmed a cybersecurity incident on March 12, 2024, caused by the compromise of a high-level official email account.

An employee interacted with a phishing email designed to look like a message from a local nonprofit organization. After compromising the employee's email account, the attacker launched a secondary phishing campaign distributing malicious "proposal" links to their entire contact list.

The compromised data may include:

Email contact list names and addresses
Sent and received email communications
Internal municipal metadata used in spam lures

The number of affected individuals is not disclosed. The incident did not impact core infrastructure. The full scope of the incident is currently being investigated.

The IT department disabled the affected account, revoked all active sessions and performed password resets and sign-in blocks to prevent further exploitation.

A warning was issued to all recipients of the phishing emails, advising them to delete the messages without clicking any links.

City of New Bedford Email Account Compromised in Phishing Attack

Read More
Lorain County auditor's office hit by ransomware attack …
Butler County reports data breach
Mexican Attorney General's office hit by ransomware attack
Northern Ireland Police Services staff and civilians impacted …
Philippine Maritime Industry Authority reports cyberattack, data breach