The attack interfered with e-mail accounts and other functions, but did not breach data

By Deborah Sullivan Brennan
OCT. 31, 2019 3:48 PM

SAN MARCOS — Computer systems at the city of San Marcos were hacked last week, in an attack that has interfered with email accounts and other internal functions, but has not resulted in data breaches, city officials said.

“An external, malicious entrance to our system occurred on October 24,” city spokeswoman Robin Rockey stated in an email Thursday.

Rockey said the city doesn’t know who was responsible for the cyber-attack, but is working with the San Diego County Sheriff’s Department, FBI and California Joint Powers Authority Insurance to investigate it. Officials also didn’t say whether the attack appears to be domestic or foreign.

Most internal systems were affected, she said. City email accounts were disabled, and messages sent to the city were returned with the notices “Delivery Delayed: report of hack on San Marcos city systems.”

However, she said, sensitive data wasn’t affected and there were no financial losses, other than the time spent addressing the problem.

“There was no data breach or extraction,” Rockey said. “Our data is secure and uncompromised.”

Rockey said the city is unsure when its systems will be operating again, but said officials expect they will be restored by early next week. She declined to say what steps the city is taking to address the hack and secure city systems.

City facilities remain open during the investigation, and emergency services are working, officials said.

“City emergency management capabilities are fully operational,” City Manager Jack Griffin said in a statement. “None of this affected our public safety systems. Police and fire services are not affected.”

On Tuesday, the city posted a notice on its website addressing a problem with its online systems, but did not specifically acknowledge the cyber-attack.

“The City of San Marcos recently identified a technical issue that has affected the availability of some of our computer systems,” the city notice stated. “Upon learning of this issue, we promptly commenced an internal investigation and retained an independent computer forensic and cybersecurity firm to help us respond.

“The security and privacy of our residents, employees and community partners is our top priority. We have moved from assessment to recovery and are confident that our system will be restored soon and that our data is secure and uncompromised. We are also working with appropriate law enforcement agencies as they investigate the matter.”

FBI spokeswoman Davene Butler said she couldn’t comment on the San Marcos investigation, but said the FBI investigates cyber-attacks and helps businesses or organizations that are targeted to defend themselves against further intrusions.

“We will work with the victim to conduct actions that produce a deterrence to cyber adversaries,” Butler said. “No matter what course of action is deemed appropriate, the FBI views a company that has been attacked as a victim and will protect investigative information appropriately.”

FBI webpages discussing cyber-crime discussed the range of possible targets and means of attack.

“Terrorist groups and other adversaries view the U.S. critical infrastructure — ranging from the financial sector to hospitals to electricity grids — as high-value targets that would disrupt American life if attacked,” one FBI webpage stated.

The FBI sees a combination of both domestic and foreign attacks, that can range from high-level espionage to workplace grudges, Butler said.

“We face cyber threats from hackers for hire, organized cyber syndicates, and state-sponsored hackers—also known as the “blended threat” of nation states working in tandem with criminal actors to target the U.S., its businesses, and its people,” she said in an e-mail. “The FBI also investigates “insider threats” involving disgruntled current or former employees that exceed their authorized access and cause damage to their employer’s computer network as a form of retaliation.

Other recent attacks include business e-mail compromise, in which a hacker will gain access to a company official’s e-mail to defraud the company or obtain employees’ private information; ransomware, in which hackers will place malware in digital files that demands a ransom; and unauthorized crypto-currency mining.

She didn’t recommend any specific measures in response for residents concerned about the San Marcos cyber-attack, but said residents and businesses can protect themselves by using strong, unique passwords and two-factor authentication, maintaining computer updates, monitoring credit regularly, and other steps. More information is available at FBI webpages, including and

Anyone who has been the target of hacking or has information on an incident can report it to the FBI Internet Crime Complaint Center (IC3), the FBI website stated.