How Baltimore's 2024 Cyberattack Exposed the City's Data Vulnerability and What Residents Should Do Now
In May 2024, Baltimore's city government fell victim to a ransomware attack that encrypted critical systems and exposed the scope of the municipality's cybersecurity gaps. This piece explains what happened, what data was at risk, and the practical steps residents of Baltimore should take to protect themselves from identity theft as a result.
The Attack and Its Scope
The ransomware strike disabled Baltimore's 311 system, water billing platform, and permitting databases for weeks. The attack prevented residents from paying water bills online, filing permits, and accessing city services through normal channels. The attacker, operating under the name BlackCat (also known as ALPHV), initially demanded a ransom rumored in news reports to be in the millions before eventually retreating without releasing a full data dump.
What made this attack significant for Baltimore residents was not just the operational disruption but the confirmed exposure of personal data. City officials acknowledged that information stored in databases including names, addresses, Social Security numbers, and financial account details had been accessed. The exact number of affected residents was never formally confirmed by Baltimore's government, though the scale suggested tens of thousands of individuals.
The attack highlighted a pattern in local government cybersecurity: Baltimore's IT infrastructure, like many mid-sized American cities, had aged systems that were difficult to update without disrupting service delivery. The city's decision not to pay the ransom meant that recovery relied on restoring systems from backups and rebuilding databases manually, a process that extended the disruption into summer.
Why Baltimore Became a Target
Baltimore's vulnerability reflected choices made years before the attack. Municipal networks typically run legacy software that cannot be immediately patched or replaced. Upgrade cycles are slow because downtime affects tax collection, permitting, water service billing, and other functions that residents depend on daily. When budget constraints force postponement of security infrastructure investments, the risk compounds.
News outlets covering the attack noted that Baltimore was not isolated. Cities including Baltimore County, the State of Maryland's health department, and numerous smaller municipalities across the United States experienced similar ransomware incidents in 2023 and 2024. What distinguished Baltimore's case was the visibility: the incident affected a major East Coast city of 585,000 people and generated coverage in national media outlets.
The attack also occurred within a broader context of Baltimore's relationship with institutional transparency. The city's government had faced criticism for delayed public communications during past crises. In this case, official updates on the cyberattack came slower than residents affected by the disruption wanted, leaving local news outlets and word-of-mouth as primary sources of information for several days.
Data Exposure and Identity Theft Risk
Residents whose data was exposed during the attack face identity theft risk over a timeline that extends far beyond the initial incident. Identity thieves do not act immediately. They test stolen credentials, build profiles over months, and strike when they can maximize damage or profit. A Social Security number stolen in May 2024 could be used to open fraudulent accounts or file false tax returns in 2024 or 2025.
The types of data confirmed as exposed in Baltimore's case include:
Social Security numbers: The most valuable piece of personal information for identity theft. With an SSN and name, criminals can apply for credit, open bank accounts, or obtain government documents.
Names and addresses: Used to research targets and verify stolen information is legitimate before attempting fraud.
Financial account information: Including bank account numbers and payment card data, making direct account compromise possible.
Government identification numbers: Driver's license numbers and state ID information can be used to request replacement documents or obtain loans using fraudulent applications.
Residents in Baltimore should assume their data is compromised if they received any city service that required submission of personal information. This includes applications for housing permits, business licenses, tax assessments, or water service accounts. The exposure was not limited to a single database but affected multiple systems, meaning exposure was not uniform across all residents.
Immediate Actions for Baltimore Residents
Obtain and monitor your credit reports. Use AnnualCreditReport.com (the only federally authorized free service) to request reports from all three bureaus: Equifax, Experian, and TransUnion. Review each report for accounts you did not open. You are entitled to one free report from each bureau per year; after using your annual allotment, you can request additional reports if you are monitoring due to fraud suspicion.
Place a fraud alert. Contact any one of the three credit bureaus and request a fraud alert. That bureau is required by law to notify the other two. A fraud alert requires creditors to verify your identity by phone before opening new accounts in your name. The initial alert lasts 90 days; if you place it, you can request an extended alert that lasts seven years by providing proof of identity theft.
Consider a credit freeze. This is more restrictive than a fraud alert. A freeze prevents credit bureaus from releasing your credit report to anyone unless you unlock it. You must unfreeze to apply for new credit yourself. Maryland residents can place a freeze for free through any of the three bureaus. The process takes a few days, but the protection is stronger than a fraud alert.
Monitor financial accounts directly. Review bank and credit card statements weekly, not monthly. Set up account alerts through your bank if available. Many banks allow you to flag transactions over a certain amount or transactions from new merchants. This catches fraudulent activity before statements arrive.
Monitor for government fraud. Check your tax transcript through IRS.gov to ensure no one has filed a false return using your SSN. You can also place an alert with the IRS, though this is less standard. If you are a homeowner, monitor your property tax account through Baltimore City's online system to watch for suspicious changes to assessed value or ownership information.
What Baltimore's News Coverage Revealed
Local Baltimore news outlets, including The Baltimore Sun and local television stations, provided more detail on the attack's mechanics than the city government initially released. Reporting revealed that the attack occurred on May 7, 2024, but was not publicly disclosed until May 22. The delay generated criticism in editorial coverage about why residents had not been notified sooner, particularly those using city services during that window.
Coverage also highlighted disparities in how the attack affected different communities. Residents in neighborhoods with higher rates of digital adoption (Canton, Federal Hill, Roland Park) were able to adjust to service disruptions more quickly by using alternate payment methods or accessing services through county systems. Older residents in neighborhoods including West Baltimore and East Baltimore, who relied more heavily on in-person city services, faced greater inconvenience and longer wait times to pay bills or file permits.
The incident also prompted local media to examine whether Baltimore's IT budget was sufficient. Reporting indicated that the city's information technology department operates with resources comparable to smaller cities, despite serving a major metropolitan population. This reality means recovery from cyberattacks takes longer and costs more in overtime and emergency contracting than better-resourced systems would require.
Long-Term Implications
The attack exposed a governance problem that will persist regardless of immediate recovery. Baltimore's city government must eventually modernize its IT systems, but this requires sustained funding and political will. Temporary fixes and patch management cannot address structural vulnerability indefinitely. The city has announced plans for system upgrades, but Baltimore residents should monitor whether these commitments translate into budget allocations.
For individuals affected, the cybersecurity risk remains present for years. Stolen data circulates in underground markets and is reused by multiple criminal groups. Placing a credit freeze offers the most complete protection available to Baltimore residents until you are confident fraud risk has passed or until you need to open new accounts.
Check your Baltimore water bill, property tax statement, and any permit applications you submitted to the city to determine whether you should assume your data was compromised. If you received city services requiring personal information, place a fraud alert now. The cost is zero and the protection extends across all creditors instantly.

