May 29, 2025 6:20pm

The City of Sheboygan is grappling with the fallout of a ransomware attack that compromised the personal information of 67,947 individuals, with sensitive data including Social Security numbers, state IDs, and license plate numbers exposed. The breach, first detected on October 31, 2024, was publicly acknowledged by the city as a ransomware attack in early November, but it wasn’t until late May 2025 that affected individuals were notified, raising concerns about the seven-month delay.

According to a report by The Record, the attack was claimed by the Chort ransomware group, which allegedly stole 200 GB of data and posted it on the dark web. The city’s filing with the Maine Attorney General’s office last week confirmed the scope of the breach, prompting notifications to those affected. The City of Sheboygan has since offered one year of identity protection services to impacted individuals, though the criteria for this decision remain unclear.

The city’s initial response came on November 7, 2024, when officials announced, “We learned late last week of a potential issue with our network.” Three days later, an update noted they had secured their network and were working with cybersecurity experts to investigate “unauthorized access to our network by an external party.” A December 17, 2024, alert noted ongoing efforts to restore systems but provided no further details on the breach’s impact or notification timeline.

Then the Record published their story Tuesday. Dairyland Sentinel linked to that article in our Wednesday morning Key Reads newsletter.

On Wednesday afternoon, May 28, 2025, Dairyland Sentinel sent a series of questions to various officials at the City of Sheboygan. Other than an immediate automated response from Mayor Ryan Sorenson, no representative of the City of Sheboygan has responded to any of our questions.

However, following inquiries from the Dairyland Sentinel, the city issued a new statement confirming that notifications to affected individuals were underway and that the investigation was ongoing. The public update, published between 4 and 5 p.m., coincided with questions sent to Mayor Ryan Sorenson and the city’s contact person noted on the December alert, which was delivered at 12:14 p.m. that day. Our questions, listed below, sought clarification on the delay in notifications, the nature of the stolen data, engagement with law enforcement, and plans for further public updates:

  1. Why did it take approximately seven months from the breach on 10/31/24 to inform affected individuals about the compromise of their personal data? Have the notifications been completed?
  2. Can you provide details on the nature of the data accessed by the attackers, and what criteria were used to determine the City would offer one year of identity protection to affected individuals?
  3. Has the City of Sheboygan engaged with the Wisconsin Department of Justice, The FBI, or any law enforcement or cybersecurity experts to investigate the Chort ransomware group’s activities, and what is the status of that investigation?
  4. Will the City be issuing an update to the last public statement issued on December 17, 2024? (Note: As of 12:14p m on May 28, 2025 this had been the most recent update from the city.)

Despite follow-up emails to city officials no direct responses were received as of the time this article was published Thursday evening.

A report in the Sheboygan Press, published Wednesday, confirmed The Record’s breach’s scale and noted that City Administrator Bradley spoke to the outlet, stating that hackers accessed personal information and posted it on the dark web. However, the city has not publicly detailed why notifications were delayed until May 2025 or whether law enforcement agencies are actively investigating the Chort ransomware group’s activities.

The lack of transparency has left lingering questions for Sheboygan residents and all those affected.

Dairyland Sentinel will continue to monitor this story and seek answers.

Free!