MuniOS.com, operated by ImageMaster in Ann Arbor, Michigan, has been offline for several days following a ransomware attack, according to Bloomberg. The site is widely used to distribute “preliminary official statements,” the presale disclosure packets investors review before municipal bonds are sold. No group has claimed responsibility, and no ransom demand or data theft has been confirmed as of Wednesday, Oct. 15, 2025.
Municipal bonds are issued by states, cities and public agencies to fund roads, schools and other public works. MuniOS serves as a clearing point for the draft disclosure documents that help investors gauge risk and price upcoming deals. During past issuance surges, the platform handled a large share of these presale materials.
The outage is disrupting how those documents are posted and viewed. The Municipal Securities Rulemaking Board, a self-regulatory organization, told issuers on Oct. 14 that they can post preliminary official statements on its Electronic Municipal Market Access (EMMA) website. EMMA is the Securities and Exchange Commission–designated public repository for municipal disclosures. The board explained how authorized users can submit presale documents—even before the bonds have unique identification numbers, known as CUSIPs—and where investors can find them on EMMA’s presale page.
MuniOS has long dominated presale distribution. Bloomberg previously reported it captured about 72% of issuer use during the 2017 tax-reform rush, and ImageMaster has marketed its reach as exceeding 70% of the market. That concentration means even a short outage can slow deal preparation, fragment where investors find documents and add friction to analysts’ due diligence.
Key unknowns remain: who is behind the attack, whether any information was exfiltrated and when service will be restored. In the meantime, issuers that relied on MuniOS for centralized hosting and distribution lists are routing traffic to EMMA and, in some cases, to their own investor-relations pages to keep deals on track. Those without current MSRB accounts may need to onboard quickly so they can post documents directly.
