Fargo Park District in Fargo, North Dakota, has disclosed a cybersecurity incident in late October that disrupted phones, email and internal systems, telling residents weeks later that an investigation is still underway and potential data exposure remains unclear.
The district says staff detected unusual activity on its network Oct. 27, prompting the shutdown of some systems and causing temporary outages to phones, email and internal tools. Essential programs and park operations continued, according to district statements shared online and with local media.
Officials publicly confirmed the incident Friday, Dec. 5, describing it as a cybersecurity breach that interrupted communications but did not halt programming. The disclosure came nearly six weeks after the activity was first detected and more than five weeks after the district’s initial public notice about “system-wide outages” that did not mention a cybersecurity incident.
The district set up a dedicated update page and FAQ and says it is working with outside digital forensics specialists and legal counsel to understand the scope of the event.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Executive Director Susan Faus said the district waited to brief the public until investigators had verified details. “Because the scope of the incident was not yet known and the investigation was actively evolving, we did not have enough confirmed information to responsibly share with the public until now,” Faus told local station KVRR. She said that once officials had “verified details to provide accurate and transparent information,” they moved forward with public communication.
Residents first saw signs of trouble Oct. 28, when the district posted on social media about “system-wide outages” affecting park phones and email and said staff were working to fix the issue. At the time, the announcement did not mention a cybersecurity event, and officials have not said why that information was not shared sooner.
The district has not said what kind of malware or attack method was used and has not confirmed whether any files were encrypted or stolen. The agency says it is reviewing its systems to determine whether personal information was involved and will mail letters and offer support services if investigators confirm any data exposure. Officials say third-party vendor systems used for registrations and similar services remain unaffected.
The delayed disclosure coincides with an extortion claim by a ransomware group calling itself Interlock, which listed Fargo Park District on its leak site shortly before the public announcement, according to ransomware-tracking site Ransomware.live. The district has not commented on that claim, has not attributed the incident to any threat actor, and has not said whether the leak-site posting affected the timing of its disclosure.
Faus said staff “have focused every effort on restoring operations safely” and are working with experts to identify the extent of the incident. Phone and email service have largely been restored, according to district updates, and parks, programs and facilities remain open.
Fargo Park District manages Island Park, Lindenwood Park and more than 2,100 acres of parkland in and around Fargo, providing recreation programs and facilities for the city of about 131,000 residents.
Publicly disclosed cyberattacks involving North Dakota government entities have been sporadic in recent years, with higher-profile cases centering on a 2022 phishing-driven breach at Workforce Safety & Insurance that exposed data on 182 injured workers, a data-exfiltration attack at Pembina County Memorial Hospital and the CommonSpirit Health ransomware incident that disrupted CHI St. Alexius Health in Bismarck along with dozens of hospitals in other states. State officials credit a “whole-of-state” cybersecurity strategy built on the shared STAGEnet network and centralized cyber services, while state law requires breach notices “in the most expedient time possible and without unreasonable delay” but allows time to scope the incident and coordinate with law enforcement.
The Fargo case also comes as ransomware crews increasingly test park agencies, following a 2024 cyberattack on the Minneapolis Park and Recreation Board that officials say knocked out park phone lines for weeks, forced temporary numbers for customer service and park police, and has been claimed by the RansomHub ransomware group while investigators review what information may have been accessed.
Officials say anyone with questions about potential data impacts will be able to contact a dedicated call center once notifications begin. In the meantime, residents who interacted with the district around late October may want to watch bank and credit accounts for unusual activity and be cautious about unsolicited emails or calls referencing Fargo Park District.
