Minnesota Gov. Tim Walz said on July 29 that he activated the state’s National Guard in response to a large-scale cyberattack on St. Paul that has led to a citywide service outage.
Walz’s office said in a statement that the governor issued an executive order activating “cyber protection assets” from the Minnesota National Guard because the “magnitude and complexity of the cybersecurity incident have exceeded the city’s response capacity.”
The National Guard will help ensure the safety and security of residents and will ensure that vital services continue to run in St. Paul, his office said.
“We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” Walz said. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”
According to Walz’s emergency executive order, the cyberattack began on July 25 and persisted through the weekend, causing “significant disruptions and impairing St. Paul’s ability to provide vital services.”
The order mobilizes the personnel, equipment, facilities, and resources needed to assist Minnesota in response to the cyberattack.
In a statement, the office of St. Paul Mayor Melvin Carter said the city has activated its Emergency Operations Center to lead response efforts and assess the full extent of the breach.
Staff are working “around the clock” in partnership with national cybersecurity partners, the Minnesota Information Technology Services team, and federal law enforcement to “investigate the incident, implement containment strategies, and rebuild secure systems,” his office said.
“The full extent of the attack, including whether any sensitive information was accessed, remains under investigation,” the statement reads.
Carter declared a state of emergency, authorizing the city’s Department of Emergency Management and Office of Technology and Communications to mobilize support from local, state, and federal partners to lead a coordinated response to the cyberattack.
At a press conference on July 29, Carter said the city’s cybersecurity protection systems were alerted to suspicious activity on the city’s internal network in the early hours of July 25.
An investigation was launched immediately and confirmed it was a “deliberate, coordinated, digital attack” carried out by a sophisticated hacker “intentionally and criminally targeting [St. Paul’s] information infrastructure,” he said.
Neither Carter nor Walz disclosed details about the exact nature of the attack, and it remains unclear who was responsible.
The mayor said city leaders proactively initiated a full shutdown of information systems to contain the threat. This led to citywide service outages, he said.
Emergency services continue to operate as normal, he noted.
“While these disruptions are difficult, they are necessary steps to limit exposure, preserve system integrity, and protect sensitive information,” he said.
Carter said that the city has also hired two firms to help trace the source of the attack and evaluate the extent of the damage it caused. He did not name the firms.
The city is also working with the FBI, he said.
An FBI spokesperson told Reuters that the agency was aware of the situation and in contact with city officials.
“We are working with partners and lending our investigative expertise,” the spokesperson said.
The FBI did not respond to a request for comment.
