NJ Business Sues Municipality Following Cybersecurity Attack

45 Legion Drive LLC did what any legitimate business would do and sent property tax payments to the local taxing authority. Unbeknownst to them, the payments, totaling more than $550,000, were diverted into the less than legitimate pockets of cyber hackers. The company claims to have suffered significant financial losses and has filed a lawsuit against Cresskill officials.

Cyber-attacks targeting local governments in New Jersey have become a persistent and growing concern. Since 2021, the state has experienced anywhere from 531 to 559 cyberattacks annually across sectors. New Jersey Takes Stock of Cybersecurity Threats, Protections. These attacks have resulted in major setbacks for local governments. For instance, a ransomware attack which took place in November 2024 forced the closure of Hoboken’s City Hall and suspended municipal court proceedings as well as other local services. Union Township’s school district also faced a significant cyber-attack in May 2024 in which critical systems were taken offline. These attacks indicate that cyber threats should be a paramount concern for municipalities.

In the case of 45 Legion, the company alleges that the borough was negligent in failing to secure its IT systems. It thought that it was making payments to the borough’s bank account but instead wired hundreds of thousands to a fraudulent account. Even though some of the funds were recovered, 45 Legion claims that it suffered an economic loss of $197,159.08.

45 Legion is now suing the borough for negligence, alleging that it failed to exercise reasonable care with respect to its digital communication systems. It alleges that the borough knew about existing vulnerabilities in its IT systems yet failed to take the steps necessary to secure them, leading to foreseeable financial harm.

This lawsuit highlights the importance of implementing and maintaining robust cybersecurity measures. As cyber threats grow more sophisticated and frequent, proactive investment in digital infrastructure, staff training, and incident response planning are no longer optional – they’re essential. The 45 Legion lawsuit should serve as a powerful reminder of the real-world consequences of cybersecurity lapses. To avoid similar situations, municipalities are encouraged to review safeguards and address vulnerabilities.

To read the full article, click here.