The city of Philadelphia recently experienced a significant cybersecurity breach in May 2023, impacting both the city and its residents and employees [4]. This breach involved unauthorized access to certain city email accounts [4], potentially compromising personal and protected health information [2] [3].


The breach, discovered on May 24, 2023 [2] [3], revealed that unauthorized actors had access to the compromised accounts since March 2023 [2]. The investigation found that these threat actors may have accessed the compromised email accounts for at least two months after the incident was discovered [3]. This poses a significant risk of identity theft, particularly for city employees.

City officials have not provided specific details on how the attackers breached the email accounts or why there was a delay in disclosing the incident for five months [3]. However, the city has taken immediate action by releasing a notice advising individuals to remain vigilant. They are encouraged to review account statements and credit reports and promptly report any suspicious activity to insurance companies, healthcare providers [1], or financial institutions [1].

The city has also reported the breach to the US Department of Health and Human Services and is actively working to enhance cybersecurity measures and validate the identities of those affected. A thorough review of the impacted email accounts is underway [2], and affected individuals will be notified once the review is completed. Additionally, the city is reviewing its policies and implementing additional security measures [2].


This breach highlights the challenges that public organizations face in maintaining strong cybersecurity [4], especially with limited budgets and understaffed IT departments [4]. It is crucial for relevant authorities and regulators to be notified, and individuals are advised to remain vigilant against fraudulent activities [2].

The incident notice did not provide technical details or explain the delay in disclosing the breach [2]. However, it is important to note that this is not the first email breach the city has experienced, as a previous incident occurred in 2020 due to a successful phishing attack on an employee [2].

Moving forward, it is imperative for the city to continue prioritizing cybersecurity and allocate sufficient resources to prevent future breaches. By doing so, they can protect the personal information of their residents and employees, ensuring a safer digital environment for all.