Apex Notifies 22,000 Residents After Recovering Files From 2024 Cyberattack

Apex notified 22,000 current and former residents on March 30 that their Social Security numbers and government-issued IDs may have been stolen, completing a legal and forensic recovery effort that stretched more than 20 months following a ransomware intrusion first discovered on July 2, 2024.

The roughly 22,000 people affected represent approximately a quarter of Apex's total population, placing it among the larger municipal data incidents in western Wake County. Town officials said the stolen files were held by a U.S.-based third-party cloud storage provider and were recovered after Apex petitioned Wake County Superior Court, which issued a temporary restraining order in October 2024 compelling the provider to surrender the data.

Town Manager Randy Vosburg confirmed the recovery and said the town has no evidence the files reached the dark web. "We hopefully are closing out this chapter on the cyber event," Vosburg told ABC11. "This is the last piece of us notifying those residents and our employees that that breach occurred, but also finding comfort in the fact that we brought it back and it didn't go too far into the dark web."

After securing the court order, Apex hired outside forensic experts, engaged the North Carolina Joint Cybersecurity Task Force, rebuilt compromised systems and worked alongside the FBI throughout the investigation, a process that ran from the summer of 2024 through late March 2026.

Affected residents are encouraged to place fraud alerts with credit bureaus, monitor statements from banks and government agencies, and take advantage of identity-theft protection services. Direct notifications include specifics about the types of data involved and recommended next steps such as credit monitoring.

The case has drawn broader attention for its use of civil court action to compel a cloud provider to return stolen data, a legal strategy that other municipalities confronting ransomware incidents may closely study. The town said it will continue cooperating with federal law enforcement and issue additional notifications as its review concludes; residents with questions can find guidance on the town's official incident web page.