The city of Middletown has released new details and guidance following an August 2025 cyberattack that compromised sensitive personal data.In a document posted on the citys website, officials said certain systems were affected b y a data security incident, prompting an immediate investigation led by third-party cybersecurity professionals.Investigators determined that an unauthorized third-party actor accessed and removed files from the citys network between July 29 and Aug. 17, 2025. The city said the files contained names, addresses, Social Security numbers, drivers license or other government identification numbers, financial account information and medical or health insurance data.The disclosure marks the first time the city has specified what information was accessed during the cyberattack.The incident also disrupted city operations, including water billing, which remained offline for several months before being restored in January 2026. The city has since established a grace period for charges incurred during the outage, set to run through Aug. 31, 2026.While we have no indication that there has been any fraud as a result of this incident, out of an abundance of caution commencing on June 3, 2026, Middletown notified individuals, the document read.Beginning June 3, affected individuals are being notified by mail and provided with guidance on protecting their personal information. Those whose Social Security numbers were included in the impacted files are being offered free credit monitoring.A city spokesperson referred all questions to a dedicated toll-free response line, 877-424-7139, which is available 9 a.m. until 9 p.m. Monday through Friday.An exact number of individuals who were affected was not available through a representative of the response line, which is ran by CyberStart, the cybersecurity portion of TransUnion. The representative said it was a large number of individuals, and those with a complete mailing addresses registered with the city would receive a notice in the mail. The representative said CyberStart was contracted by the city.The city is advising residents to take precautions against identity theft, including placing a one-year fraud alert on their credit file. This requires creditors to verify a persons identity before opening new accounts and can be initiated through any of the three major credit bureaus.This can be done by contacting: Equifax, P.O. Box 105069, Atlanta, Ga. 30348, equifax.com/personal/credit-report-services/credit-fraud-alerts/, 800-525-6285 Experian, P.O. Box 9554, Allen, Texas 75013, experian.com/help/fraud-alert/, 888-397-3742 TransUnion, P.O. ox 2000, Chester, Penn. 19016, transunion.com/fraudalerts, 800-680-7289When one credit bureau confirms the fraud alert, it will notify the other bureaus.Residents may also request a security freeze on their credit file, which restricts access to their credit report. This can be done by contacting all three nationwide credit reporting companies: Equifax Security Freeze, P.O. Box 105788, Atlanta, Ga. 30348, equifax.com/personal/credit-report-services/credit-freeze/, 888-298-0045 Experian Security Freeze, P.O. Box 9554, Allen, Texas 75013, experian.com/freeze, 888-397-3742 TransUnion Security Freeze, P.O. ox 160, Woodlyn, Penn. 19094, transunion.com/creditfreeze, (888) 909-8872Residents can also obtain a free credit report through AnnualCreditReport.com or by calling 877-322-8228.Full guidelines can be found at tinyurl.com/MiddletownDataNotice. ...read more read less