City of Sheboygan Data Breach Affects 67,947 People

On October 31, 2024, the City of Sheboygan, Wisconsin experienced a data security incident involving unauthorized access to its digital systems. According to official disclosures, the breach began with an "encryption event" that disrupted the city's network.

Upon detecting suspicious activity, city officials quickly secured their systems and engaged a digital forensics and incident response firm to investigate the scope and impact of the breach.

After a thorough analysis, it was determined that certain data stored on a segment of the city’s network had been accessed or acquired without authorization. The investigation concluded on May 14, 2025, when the city learned that personal information belonging to 67,947 individuals in the United States had been compromised.

The exposed information varies by individual, but may include names, dates of birth, Social Security numbers, driver’s license or state ID numbers, and license plate or vehicle identification numbers.

The breach affected residents in several states, including 293 people in Texas, 18 in Massachusetts, and 6 in Maine. The City of Sheboygan disclosed the incident to the Maine Attorney General, Texas Attorney General, and Massachusetts Attorney General in late May 2025. Notifications to affected individuals began on May 23, 2025, via written notice through U.S. Mail.

City of Sheboygan's response

In the wake of the breach, the City of Sheboygan took steps to secure its digital environment and prevent further unauthorized access. The city engaged independent cybersecurity experts to investigate the incident and assess the extent of the data exposure. Following the investigation, the city implemented additional technical security measures to enhance its network protections.

To support those affected, the city is offering complimentary identity protection services through Cyberscout, a TransUnion company. Impacted individuals whose Social Security numbers were involved are eligible for credit monitoring and proactive fraud assistance for a period of 12 months from the date of enrollment. Affected residents are encouraged to enroll in these services within 90 days of receiving their notification letter.

If you were notified, it is important to:

• Review your account statements and credit reports for suspicious activity.
• Consider placing a fraud alert or security freeze on your credit file.
• Take advantage of the free identity protection services offered.
• Report any suspected identity theft to law enforcement, your state attorney general, or the Federal Trade Commission.

The city has provided a dedicated call center at 1-833-998-9835 for questions about the incident and available resources.