A cybersecurity breach discovered on Wednesday, July 30, 2025, has led the Town of Bar Harbor in Maine to take its municipal systems offline, physically isolating essential infrastructure to prevent further exposure. Town staff immediately enacted an "air gap" to disconnect systems from the broader network, including the SCADA (Supervisory Control and Data Acquisition) systems used to monitor and control water and wastewater treatment operations. These systems remained fully operational and uncompromised during the incident. Public safety communications and services—including police, fire, and EMS—were also secured and experienced no major disruption. Town offices closed on Thursday, July 31, and Friday, August 1, with no timeline yet for reopening.
In an added precaution, the Finance Department froze all existing municipal bank accounts and is transitioning vendors to newly created accounts with limited-access controls. Town employees were notified of the potential risk to personal data, though no confirmed exposure has been identified. CrowdStrike, a leading cybersecurity firm, was engaged to conduct an independent forensic audit of the breach, joined by two local IT experts assisting with system hardening and recovery. Officials emphasized that no malware, viruses, or encryption events were detected, and no funds were lost. The FBI and the town's insurance provider have also been notified. Further updates are expected as the town completes the recovery process and restores systems to operational status.
