Rusk County in northwest Wisconsin said Tuesday it is investigating a cybersecurity incident that affected its network, and officials said they have brought in forensic experts to help determine the incident’s extent and implications as they work to restore operations. The county’s announcement was reported by WEAU and WQOW.
County officials said they recently discovered the incident in their “network environment” and are working with a forensic team to “restore operations within a safe and remediated network environment.”

The county said its “comprehensive assessment is ongoing and may span several weeks,” but it has not identified which systems were affected or whether any resident-facing services were disrupted. Officials also have not said whether community or employee information was accessed, though the county said it remains committed to protecting information, system security and data privacy.
As of late Wednesday, the county’s public website and online payment page were accessible and routed users to third-party payment processors, though officials have not said whether internal systems supporting payments, records or other operations were affected.
The county has not described the nature of the incident or who may be responsible, and there were no public claims of responsibility. The county also did not say when it detected the activity. The county did not respond to DysruptionHub’s request for comment.
Rusk County has about 14,188 residents, and its county seat is Ladysmith.
Public entities across Wisconsin have reported a run of cyber disruptions that have knocked organizations off routine systems even when emergency response remains online. In late April 2025, Iowa County officials took parts of the county network offline after suspicious activity, warning that permitting, records access and other nonemergency services could be disrupted while 911 and dispatch stayed operational. In May 2025, a cyberattack disrupted Cellcom voice and text services statewide as the carrier worked to restore service. And in late February 2026, the Denmark School District cited a “cyber incident” during a weeklong outage that left schools without internet for five school days, forcing staff and students to rely on paper-based workarounds.
Separately, the ransomware leak-tracking site Ransomware.live listed the county’s domain as an alleged victim of the Lynx ransomware group in December 2025. The listing is not confirmation of ransomware or data theft and has not been acknowledged by county officials. It was not clear whether that claim was connected to the newly disclosed incident.
County officials said the review is continuing as they work to restore operations. If investigators determine personal information was accessed, the county could face notification obligations under state and federal rules.