Greenville Concludes Investigation After Ransomware Attack

The city of Greenville has completed its investigation and confirmed that no sensitive data was compromised in an August ransomware attack and all city systems have been fully restored.

City officials announced on Oct. 3 that the cyber incident originated through an unnamed third-party service provider and was not the result of employee error or phishing. According to the city's release, the provider has taken steps to prevent future access, and the city worked with law enforcement and a third-party cybersecurity firm to assess and mitigate the attack.

Although customers of Greenville Electric Utility System (GEUS) experienced service interruptions, officials said GEUS’ systems were not targeted and remained secure throughout the event. Access to GEUS’ account database had been temporarily disabled as a precaution, which limited online payment access.

The investigation confirmed that no personal data, including Social Security numbers or financial information, was accessed. Payment systems remained unaffected as they are managed by a separate cloud-based provider.

All city services are now operational. Officials noted that GEUS paused late fees during the incident and plans to resume regular billing and disconnections in October, with normal billing schedules expected by the end of November.

City funds were not used to pay the ransom; the city’s cyber insurance policy covered the cost. Officials emphasized that the event will not impact local taxes and that Greenville continues to maintain cyber insurance coverage.

City Manager Summer Spurlock credited internal staff and external partners for a coordinated response and said the city would continue reviewing its cybersecurity infrastructure. Officials also defended the timing of public communication, citing law enforcement guidance that limited what could be shared while the investigation was active.