The Anchorage Police Department (APD) has taken action after being notified of a cybersecurity incident involving a third-party service provider, emphasizing growing concerns around third-party cyber risks for local governments in the United States.
APD, which serves the Municipality of Anchorage in Alaska, confirmed that the cybersecurity incident is linked to Whitebox Technologies, a data migration firm that supports multiple agencies nationwide. The department was alerted to the issue on January 7, 2026, while preparing for an internal software system upgrade. Whitebox Technologies has not publicly commented on the incident.
No Evidence of Data Compromise, Anchorage Police Department Says
According to the Anchorage Police Department, there is currently no evidence that its systems were compromised or that departmental data was accessed by threat actors. However, the department emphasized that precautionary measures were immediately implemented to reduce risk and protect sensitive information.
In an official statement, APD said:
“Currently, there is no evidence indicating that APD systems have been compromised or that any APD data has been acquired by the threat actor. However, as a precautionary measure, the department is actively monitoring the systems and implementing protective measures to safeguard information.”
Anchorage, Alaska’s largest city, is home to approximately 300,000 residents, making the protection of public safety data a critical priority for municipal authorities.
Immediate Actions Taken to Secure APD Systems
Following notification of the APD cybersecurity incident, the city’s Information Technology Department (ITD) moved quickly to contain potential exposure. Officials confirmed that relevant APD servers were shut down, and access for the vendor and all associated third-party service providers was disabled.
Additionally, ITD oversaw the deletion and removal of all remaining APD data from the third-party service provider’s servers. APD has since initiated continued oversight of its internal systems and is closely monitoring for any unusual or suspicious activity.
As part of its response, APD also notified employees via email on January 7, advising them to remain alert and report any irregular system behavior through established channels.
Investigation Ongoing, Notifications Promised if Needed
The third-party service provider is leading the investigation, with APD working closely alongside other municipal departments to oversee the response. Officials stated that this collaboration is focused on ensuring appropriate safeguards are in place and minimizing potential risks as the investigation continues.
APD pledged that if it is determined that protected personal information was accessed during the incident, affected individuals will be notified in accordance with applicable requirements.
The department declined to provide further details about the nature of the cyberattack and confirmed that the incident is not related to a recent 311 service outage experienced by the city.
Whitebox Technologies and Broader Third-Party Risks
APD noted that Whitebox Technologies works with multiple agencies nationwide. Information published on the company’s website indicates it has provided services to municipalities in states including Washington, New Jersey, Oklahoma, and Maine.
The APD cybersecurity incident reflects a broader trend in which hackers increasingly target third-party service providers as a pathway into government systems. These vendors often hold or process sensitive data, making them attractive targets for cybercriminals.
Recent Cyberattacks
The Anchorage incident comes amid a wave of cyberattacks affecting local government technology providers. In November 2025, Crisis24’s OnSolve CodeRED emergency alert system was disrupted following a cyberattack claimed by the INC ransomware group.
That incident impacted local governments across the U.S., with some user data potentially exposed, including names, addresses, email addresses, phone numbers, and passwords. Crisis24 has since announced plans to launch a new secure CodeRED system, prompting varying responses from municipalities relying on the platform.
While APD maintains that its systems remain secure, officials confirmed that monitoring will continue as the investigation progresses. The department stressed that protective measures remain in place to safeguard information and maintain public trust.
