St. Paul is staring at a bruising $2.5 million bill after last summer’s cyberattack, a hit that knocked city networks offline, pulled in state and federal responders, and forced a crash course in digital damage control. City officials say the tally reflects emergency work to keep basic services running while systems were rebuilt and secured, and they are now drafting what they describe as a comprehensive improvement plan.
According to KSTP, the $2.5 million in unplanned recovery costs includes overtime, consulting support and new equipment. Services accounted for the largest chunk of that number, more than $2 million. Jonathan Wrolstad, a University of Minnesota cybersecurity professor, told the outlet, “It is expensive to have your data breach... you need to pay a lot of really highly skilled professionals.”
State Aid And Budget Pressures
Gov. Tim Walz has signed off on $1.2 million in state disaster assistance to help St. Paul dig out from the attack, part of a wider state response to the incident, according to GovTech. Looking further ahead, the city’s 2026 budget sets aside additional cybersecurity funding that officials say will support longer term upgrades. City leaders cast the state help and the future budget boost as ways to soften the immediate blow while they work on modernizing older, legacy systems.
How The City Responded
City timelines trace the start of the incident to July 25, 2025, when staff spotted suspicious activity on the network and leadership made the call to shut down many systems to contain the intrusion. The Minnesota National Guard’s Cyber Protection Team joined federal partners and private incident responders to assist St. Paul, while the city launched “Operation Secure Saint Paul,” a large scale push to reset passwords and inspect devices across thousands of employee accounts, according to the City of Saint Paul.
After the city refused to pay a ransom, the attackers published about 43 gigabytes of data from the Parks and Recreation department. A forensic review is underway, along with legally required notifications, as officials work through the fallout described on the city’s incident hub.
After Action Review And The Next Steps
The city says cybersecurity specialists are finalizing a comprehensive after action report that will lay out specific next steps and investments. That process is in its final stages, KSTP reported. Officials postponed a planned interview until their data analysis is complete and told the station they expect the work to wrap up within the next month. City leaders say the longer term goal is to move off aging legacy systems and onto more modern platforms with stronger protections.
What Residents Should Know
Throughout the incident, emergency services such as 911 stayed online. The city has since worked to bring back public facing tools like library Wi Fi and payment portals, while separating public networks from internal systems to keep them more insulated. The City of Saint Paul’s incident hub also flags the risk of fraudulent invoices and notes that employees are being offered identity theft protection as part of the recovery, per official updates.
Officials stress that the $2.5 million figure is just the immediate response cost and not the total price of shoring up the city’s digital defenses. The current tally offers a concrete snapshot of what it takes to recover from a major municipal cyberattack, even as St. Paul banks on state aid, new budget priorities and its pending after action report to help close this chapter and lower the odds of reliving it.
.jpg){kind=link}