A cyberattack on systems run by Utah-based Peak Software Systems disrupted its Sportsman recreation-registration platform in late February, forcing some U.S. cities to pause online signups, rentals and, in some cases, card payments.
Peak Software Systems, based in Sandy, Utah, sells Sportsman Web, a cloud platform used by parks and recreation departments for online registration and reservations.
In a notice posted by the City of Clute, Texas, the city said the vendor reported detecting a cyberattack early Feb. 26 that led to a system outage after attackers encrypted parts of the company’s infrastructure, including backups and internal systems. The city said Peak brought in outside cybersecurity help and worked with federal law enforcement as it investigated and restored service.
Clute’s notice said Peak regained access and began restoration March 1 after obtaining decryption keys from the attackers. The city said the vendor reported no exposure of customer credit card data because payments run through separate PCI-compliant infrastructure, while its review of other customer data was still ongoing.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Cities using Sportsman reported disruptions that spilled into everyday civic services tied to recreation programs and facilities. In Garden City, Michigan, the city said Feb. 26 that it could not process program registrations or rentals, could not access the online portal, and that its Radcliff Center and Ice Arena could accept only cash payments.
In Brigham City, Utah, the city pool reported the outage blocked swim-lesson registration “in the office or over the phone” and prompted deadline extensions for summer sports signups. Posts later said the registration software was back up, but swim-lesson registration was postponed to March 16.
South Jordan, Utah, posted notices on its parks and recreation pages saying its Sportsman/ActivityReg registration system was in an extended system-wide outage that made both online and in-office registrations unavailable until further notice.
Monroe, Wisconsin, also posted an update saying Sportsman software was down for internet and in-person registrations and advised residents with urgent issues to call the department office.
Sportsman is widely marketed to local governments for managing memberships, reservations and activity registration. The City of South Euclid, Ohio, describes Sportsman as a Peak product used to streamline parks and recreation functions including pool memberships, pavilion reservations and activity registration.
Peak’s disruption fits a broader pattern in which cyber incidents at widely used government software vendors cascade into day-to-day public services. In late 2025, the CodeRED emergency notification platform used by many municipalities was taken offline following what cities described as a targeted ransomware attack on the legacy CodeRED environment. More recently, Midway, Florida confirmed a ransomware breach involving the SmartCOP police records system, disrupting access to police documents and public records while officials investigated potential exposure. And in a well-known earlier example, Tyler Technologies, a major public-sector software provider, reported a ransomware incident in 2020 that disrupted access to some internal systems, underscoring how vendor incidents can affect many government customers at once.
Peak has faced major platform downtime before. In a 2023 Sportsman knowledge-base post about a cloud outage, a Peak executive said all systems, including Sportsman Web and ActivityReg, were down for hours due to a data center network connectivity error and called it one of the largest outages in the company’s history.
