In the summer of 2021, a rural water and sewage facility in Limestone, Maine, was hit with a major ransomware attack. The ransomware was confirmed to have infiltrated the facility's network by targeting a legacy Windows 7 computer connected to a SCADA system that controls the wastewater treatment machinery.
In 2013, Target was hit with a data breach that exposed the personal information of over 70 million individuals. The breach originated from a cyberattack on an unsecured third-party contractor that had a connection to Target's internal network. This connection allowed attackers to move from the contractor's systems into Target's network.
An attack on Efficency Escrow, Inc. in California in 2013 resulted in theft of $1.5 million. Between December 2012 and January 2013, the funds were extorted to locations in Russia and China. Efficency Services retrieved the funds sent to Russia, but were unable to retrieve the funds sent to China. Unable to replace the stolen funds, Efficiency was forced to close and lay off its staff.
A simple password attack resulted in the closure of KNP in Northamptonshire in 2025. Attackers exploited the 158-year-old transportation company by simply guessing a user's password. They then wreaked havoc on the internal network, encrypting data and locking staff out of systems. The company claimed to have standard cybersecurity controls in place, but met its fate by lacking a secure password policy.
Early in 2025, a school district in coastal Maine was affected by a cyberattack that stole $1 million in funds meant for a new school construction project. The threat actors used a classic social engineering technique where they impersonated a construction contractor working on the project. They eventually convinced the school district's accounts payable office to send the $1 million to their fake account. Through quick action, the school district was eventually able to recover the money, although the case remains under investigation.