58°F
weather icon Clear
Las Vegas, NV
Nevada

6 things to know about Nevada’s cyberattack, per experts

A woman arrives at the DMV office on east Sahara Avenue to find it closed Tuesday due to a cybe ...
A woman arrives at the DMV office on east Sahara Avenue to find it closed Tuesday due to a cyberattack on Nevada state government computers. (Benjamin Hager/Las Vegas Review-Journal)
More Stories
Man pleads guilty to stalking Nevada governor, may spend years in prison
Federal prosecutors are appealing a judge’s ruling disqualifying acting Nevada U.S. attorney ...
Federal prosecutors to appeal judge’s decision to disqualify Chattah
The Supreme Court of Nevada’s Las Vegas building is seen Friday, March 7, 2025. (Sam Mor ...
Law enforcement wants open investigation records kept secret. What does that mean for Nevadans?
Local effects of federal government shutdown limited — for now
By / Las Vegas Review-Journal
August 29, 2025 - 2:01 pm
 

Nevada entered its sixth day Friday reeling from a massive cyberattack that was discovered Sunday, and there are many questions left unanswered.

Gov. Joe Lombardo expressed that frustration in a press conference this week.

“I understand everybody’s frustration,” Lombardo said. “I’m frustrated. I wish I had the answers currently, but I am confident in our response and our continued evaluation of the systems.”

While state and federal officials continue to investigate, here are some common questions, accompanied by answers from cybersecurity experts.

1. What happened?

Early Sunday, Aug. 24, the state detected an attack to its systems. The governor’s technology office activated its cybersecurity incident response plan and worked to contain the threat, shutting down several state offices and systems.

Officials later confirmed “malicious actors” conducted what they described as a “sophisticated, ransomware-based” cyberattack. It is under active investigation by the FBI and other authorities.

The cyberattack led to state office closures and service disruptions. Officials have been unable to provide an estimated timeline for the full restoration of state services.

2. What kind of data could be at risk?

Nevada officials said that while data has been breached, it is unclear what kind of data it was. If they learn that “personally identifiable information” was breached, they must inform those affected.

But legally, there’s a specific definition to “personally identifiable information.” Under Nevada law, the definition is narrow and doesn’t cover every kind of personal data, according to Gregory Moody, director of cybersecurity programs at UNLV.

Personally identifiable information means an individual’s first name combined with someone’s Social Security number, driver’s license number, credit card information, health insurance ID number, or username or email addresses with its password. That information must also not be encrypted in order for it to count as personally identifiable information.

Nevada specifically excludes from government records the last four digits of a Social Security or driver’s license or information that is already public. Other possible leaked data that would not qualify as personally identifiable information includes a list of usernames without passwords and email addresses without passwords.

The state holds lots of data, most of which would not be considered personal data, according to Moody.

3. Who could be behind the attack, and what are their possible motivations?

Cybersecurity experts said a sophisticated organization is behind the attack.

The attacker is “not some kid in a basement” who figured out how to get into the systems; it likely came from a group with resources, time and skill, Moody said. In the cyber realm, they’re referred to as an “advanced persistent threat,” he said.

Nir Perry, CEO of the global company Cyberwrite, said organizations behind attacks like Nevada’s have hundreds of people working for them. They have access to top-notch technologies to research vulnerabilities, and they are well-organized.

Officials still don’t know the attackers’ motive, Lombardo said during a Thursday press conference. But experts provided some possible motives.

If the attackers are from a specific nation-state, they could want the data for intelligence purposes, according to Moody.

If they are from a criminal organization, they could be looking for data to sell on the dark web or could also use the data for potential blackmail purposes, he said.

“You can put together a whole digital footprint of people, and you can pick up mortgages in their name and mess up their lives,” Moody said.

It’s difficult to know the intent behind the attackers, but most likely, they saw an opportunity to extort an organization, Perry said.

“They took their chance, and they will either get paid or not. From their perspective, some organizations pay, some organizations don’t,” he said.

4. How could it have happened?

Officials haven’t confirmed how attackers were able to infiltrate Nevada’s systems, though cybersecurity experts provided some possibilities.

The attacker could have sent a phishing email or put “unpatched software” into a public-facing server, according to Cameron Call, chief technology officer at the Las Vegas-based cybersecurity company Blue Paladin.

State employees have multiple devices that connect to the internet, from printers to smart devices to AV equipment, Moody said. All those devices are a potential access point, he said.

“You’re talking about tens of thousands of ways that someone could get in,” Moody said.

The attackers could have circumvented hardware or software, or infiltrated systems with a social engineering scheme, where they appeal to a person for help and that person inadvertently gives the bad actors access, Moody said.

Attackers have a significant advantage compared to the defender when it comes to cybersecurity, Perry said.

“The Defender has to defend everything all the time for eternity,” Perry said. “And the attacker only has to find one hole, one time across eternity. … Over the span of five years, you’re going to make a mistake, and if they will move fast enough, then you will get hacked.”

5. Why is it taking so long to get systems up and running?

The governor’s technology office is working to restore services and rebuild the state’s systems, but staff must make sure external actors still aren’t on the system before bringing them back online, experts said.

“It’s still just going to take time,” Moody said.

To see the latest on which services are up and running, visit oem.nv.gov/recovery/

6. What should I be doing to protect myself?

Cybersecurity experts and state officials said there’s a few different steps residents can take.

They can maintain good financial security and password hygiene. Experts recommend keeping an eye on financial records for any unauthorized transactions or large changes to their credit scores.

Nevadans also should always be on the lookout for phishing attempts and refrain from clicking on suspicious links.

They also can freeze their credit, and they can check the website https://haveibeenpwned.com to see if their email was part of a security breach.

People can also buy personal cyber insurance to help monitor and mitigate the issue if their data is released.

Contact Jessica Hill at jehill@reviewjournal.com. Follow @jess_hillyeah on X.

MOST READ
Don't miss the big stories. Like us on Facebook.
THE LATEST
MORE STORIES