The State of Nevada is contending with the fallout of a major cyberattack that struck government systems early Sunday morning, disrupting critical public services and flashing a round-the-clock recovery effort involving state, local, and federal agencies.
Governor Joe Lombardo and state officials confirmed this week that while some systems have begun to come back online, key agencies, including the Department of Motor Vehicles (DMV) and the Nevada Health Authority, remain heavily impacted. The scope of the Nevada cyberattack, described as a ransomware attack, is still being investigated, and officials have not yet determined what kind of data was compromised.
The Nevada Cyberattack and Initial Response
The cyberattack on Nevada was detected in the early hours of Sunday, when security teams flagged unusual activity on state networks. In response, Nevada’s Office of the Governor and the Governor’s Technology Office (GTO) activated an emergency protocol, immediately isolating affected systems to contain the attack and launching 24/7 recovery operations.
Because the breach remains the subject of an active criminal investigation, state officials said they cannot disclose technical details, citing Nevada Revised Statute 242.105. However, they acknowledged that “some data has been extricated,” though the content of that data remains unclear.
“If we eventually find out it contains personal identifiers, we will make that public as soon as possible,” Gov. Lombardo told reporters at a press conference in Las Vegas, the second briefing held in as many days.
Impact on Nevadans
The Nevada cyberattack has forced temporary closures of state offices and disrupted access to websites and phone lines across agencies. While emergency services remain intact, including 911 call-taking and law enforcement access to the FBI’s National Crime Information Center — the public has been advised to expect intermittent outages when accessing non-emergency government resources.
The DMV has been hit particularly hard. Director Tonya Laney announced that all in-person and online services remain suspended indefinitely. In an effort to ease public frustration, the state has pledged to waive expirations, late fees, and penalties that fall within the outage window. Canceled appointments will be honored as walk-ins for at least two weeks after services resume.
“We hear the community when you’re telling us this feels like post-COVID times, where people might use this as an excuse to drive unregistered,” Laney said. “We are paying attention to that and this leniency only applies to the outage period.”
At the Nevada Health Authority, paper applications are being accepted for Medicaid benefits while digital systems remain down. Director Stacie Weeks expressed optimism that online portals could be restored in the coming days.
Meanwhile, state payroll and pension systems remain unaffected. Officials also confirmed that the monthly per-pupil funding for Nevada’s public schools was successfully transmitted to districts on time, ensuring education budgets were not disrupted.
Protecting the Public
With uncertainty over the extent of the data breach, the state has urged Nevadans to remain vigilant against potential scams. Officials warned residents to be cautious of unsolicited calls, emails, or texts asking for personal information or payments.
“The State will never ask for your password or bank details over phone or email,” a statement from the GTO noted. Residents are encouraged to verify information on official government channels and report suspicious contacts to their agency security officer.
Government in Recovery Mode
Gov. Lombardo emphasized that his administration has prioritized restoring the most critical services first. Temporary routing and operational workarounds have been implemented to maintain public access where possible. Systems are being validated before returning to full operation, a process officials say is essential to avoid further risk.
“There’s no absolute policy when it comes to ransomware,” Lombardo said, noting that Nevada is still evaluating whether to rebuild systems entirely or consider paying a ransom. He declined to disclose the ransom amount or speculate on the attackers’ motives.
Despite the challenges, Lombardo sought to reassure residents that government agencies acted quickly. “While this incident has posed challenges, I want Nevadans to know one thing clearly: Our government and our partners acted quickly and effectively to secure the critical services our communities rely on.”
Politics and Presence
The governor also faced questions over his absence from a Wednesday press conference in Carson City. His office confirmed he was in rural northern Nevada attending long-scheduled events, including a temple celebration and meetings on wildfire recovery and local economic issues.
Critics, including state Democrats, questioned the optics of his absence during a high-profile crisis. Lombardo defended his decision, saying he was receiving hourly updates and remained fully engaged with his directors and response teams.
“I want everybody to be aware, I am fully engaged. I have never lost contact with any of my directors,” he said. “As constant as 24 hours a day, there’s been conversation. I have never been unavailable as your governor during this crisis.”
For now, Nevadans are being asked for patience as services gradually come back online. “We know this has disrupted daily life, but our focus is on restoring systems safely,” Lombardo said.
With critical operations like payroll, pensions, and school funding safeguarded, the state is striving to minimize the fallout. Yet for thousands of residents waiting to renew a driver’s license, file Medicaid paperwork, or access other routine services, the cyberattack is a reminder of just how vulnerable modern governance can be in the digital age.
