The U.S. Virgin Islands Economic Development Authority said a ransomware incident locked its computer systems and triggered a ransom demand of more than $300,000 as officials worked to restore access and assess whether data was compromised.
Gov. Albert Bryan Jr. later confirmed the attack in an interview with The Virgin Islands Consortium.
Bryan said the agency’s systems were “locked” and that officials were still determining what information, if any, may have been accessed. He said the authority maintains information submitted by beneficiaries, including tax-related documents, but it was not yet clear whether any of that data was exposed.
Authorities have not identified the attackers, and there have been no public claims of responsibility. The Economic Development Authority did not immediately respond to a request for comment.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The government has not detailed which internal applications were affected or whether any public-facing services were disrupted, beyond confirming the systems were locked.
Bryan said the authority recently obtained cyber insurance and is working through its insurer, which he said is coordinating with the FBI as officials try to unlock systems and protect the integrity of the data.
The Virgin Islands has dealt with significant cyber disruptions in recent years. In 2019, a ransomware incident affected the U.S. Virgin Islands Police Department, disrupting access to records and drawing in federal law enforcement. In 2025, Gov. Juan F. Luis Hospital experienced a cyber incident, and the same year officials also contended with a ransomware attack involving the V.I. Lottery.
The Economic Development Authority administers the territory’s economic development and tax incentive programs, with offices listed in Frederiksted on St. Croix and on St. Thomas.
Officials have not said whether data was taken, whether notifications will be required, or when normal operations will resume.
