The City of Sheboygan, Wisconsin, has confirmed that a ransomware attack on October 31, 2024, resulted in the theft of sensitive personal information of approximately 67,000 individuals. In breach notification letters filed on June 28, 2025, with regulatory bodies, city officials revealed that Social Security numbers, state-issued IDs, and vehicle license plate numbers were among the data compromised in the breach.
Sheboygan, home to nearly 50,000 residents, had initially reported the incident shortly after the attack but maintained that no evidence of data theft had been found at the time. The ransomware gang Chort later claimed responsibility for the breach, posting screenshots of file archives on its dark web leak site and demanding ransom payment.
Now, after a thorough investigation conducted by an external cybersecurity firm, the city has acknowledged that personal data was in fact exfiltrated. The investigation concluded on May 14, 2025, confirming that attackers accessed and stole data from compromised systems.
Chort Ransomware Gang Linked to Global Attacks
The Chort ransomware group, which emerged in late 2024, has been linked to several high-profile cyberattacks on public institutions around the world. In addition to Sheboygan, Chort has claimed attacks on:
- Kuwait’s Public Authority of Agriculture Affairs and Fish Resources
- A public school district in Georgia, USA
- Hartwick College in New York, which disclosed a breach affecting more than 4,800 people
Sheboygan’s case marks a troubling addition to Chort’s expanding list of victims, particularly among state and local government bodies, which are often under-resourced in cybersecurity defense.
Officials confirmed that the city has reported the incident to law enforcement and is working with authorities by “incorporating their guidance” into the response plan. Emergency services in Sheboygan remained operational throughout the incident, though the city has not provided technical details about the duration or extent of system disruptions.
ALSO READ: FCRF Launches Campus Ambassador Program to Empower India’s Next-Gen Cyber Defenders
Residents Offered Protection, Statewide Concerns Grow
In response to the confirmed breach, the City of Sheboygan is offering one year of complimentary identity protection services to those whose data was compromised. The breach affects not only city residents but may also include individuals whose data was processed by city services, such as parking enforcement or licensing authorities.
The incident has reignited concerns about the vulnerability of municipal systems across the United States. Sheboygan is among several Wisconsin government entities that have been targeted by ransomware groups in the past two years, reflecting a broader trend of attacks on underprepared local agencies.
Cybersecurity experts warn that ransomware gangs like Chort are increasingly targeting smaller government agencies, educational institutions, and healthcare providers — sectors that often lack the budget or infrastructure for strong cyber defenses.
The Sheboygan ransomware attack is a sobering reminder of how deeply digital threats can penetrate local governance structures. As ransomware groups like Chort expand their reach and sophistication, municipalities across the globe face growing pressure to invest in cybersecurity, train personnel, and establish rapid response frameworks to protect citizen data.
For now, Sheboygan’s residents are being urged to monitor their accounts, use identity protection services, and remain vigilant against signs of identity theft or fraud. Meanwhile, the city continues working with federal and state law enforcement to investigate the breach and bolster its cyber defenses for the future.