Leduc County Confirms Ransomware Attack Disrupting Municipal Operations on Christmas Day
Published on January 5, 2026
Key Takeaways
- Christmas Day Incident: Leduc County administration discovered a deliberate cybersecurity breach on December 25, 2025.
- Ransomware Attack: The cybersecurity incident was subsequently identified as a ransomware attack that disabled certain IT systems.
- Operational Impact: Services currently unavailable include email platforms and online permitting portals.
Local officials have confirmed that Canada’s Leduc County was the target of a significant ransomware attack discovered on December 25, 2025. Upon detecting the intrusion, the administration identified that several IT systems had been compromised and disabled additional networks to limit the spread of the malware and protect sensitive data.
This swift containment strategy was deployed immediately after discovery, effectively taking various municipal services offline while the scope of the breach was assessed.
Cybersecurity Incident Response and Mitigation
On January 4, Leduc County Mayor Tanni Doblanko stated that the attack was quickly detected, allowing the administration to engage experts and disable systems rapidly to minimize potential damage.
Impacted services used by Leduc County include:
- Outlook (emails)
- Typer Permitting (online portal used for safety codes permits, development permits)
- Website form submissions
In the wake of the ransomware attack, the Canadian county initiated a comprehensive cybersecurity incident response plan. Administration immediately engaged a third-party cybersecurity firm to lead the mitigation efforts and conduct a thorough forensic investigation.
Key stakeholders, including the Royal Canadian Mounted Police (RCMP), insurance carriers, and financial institutions, were notified of the security breach.
Ongoing Investigation and Service Restoration
Currently, the forensic investigation is ongoing, but preliminary findings indicate that only a minimal amount of information has been affected. As part of the recovery process, IT systems disabled during the incident will remain offline until they can be safely restored.
The county is prioritizing the resumption of normal business operations and has committed to providing updates to residents and business stakeholders via its official website as new information becomes available.
In other related news, the Marquis Software ransomware attack impacted financial institutions, with Artisans' Bank and VeraBank confirming data exposure last week.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular