Apex Recovers Data Stolen in 2024 Cyberattack

Town secures court order to compel cloud provider to return data affecting 22,000 residents

Mar. 30, 2026 at 7:19pm

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D macro illustration of a futuristic cybersecurity server rack, with neon cyan and magenta lights illuminating the complex hardware and cables, conceptually representing the technical complexity and high-stakes nature of the cyberattack on the town of Apex's data infrastructure.Apex's decisive legal action to recover stolen data sets a precedent for municipalities to protect residents' privacy from cybercriminals.Apex Today

The town of Apex, North Carolina successfully recovered stolen data affecting 22,000 residents after a July 2024 cyberattack by securing a court order against a third-party cloud provider where the data was stored. This set a legal precedent that municipalities have the right to recover their own data when it is unlawfully taken.

Why it matters

Cyberattacks on local governments are an increasing threat, as criminals target public data and services. Apex's actions demonstrate that municipalities can take decisive legal action to protect residents' privacy and recover stolen information, even when it is held by a third-party cloud provider.

The details

In July 2024, the town of Apex was the victim of a cyberattack that compromised the personal data of about 22,000 residents. The town worked with the FBI and the cloud storage provider Bublup, Inc. to locate the stolen data, which had been stored within Bublup's cloud. However, Bublup declined to release the data back to the town without a court order. Apex then petitioned the Wake County Superior Court for immediate relief, and on October 10, 2024, the court granted a Temporary Restraining Order requiring Bublup to provide the town full access to its data. This legal action set a precedent that municipalities have the right to recover their own data when it is unlawfully taken.

  • In July 2024, the town of Apex was the victim of a cyberattack.
  • On October 10, 2024, the Wake County Superior Court granted a Temporary Restraining Order requiring Bublup, Inc. to provide the town of Apex full access to its data.
  • On October 21, 2024, the Temporary Restraining Order was extended.

The players

Apex

The town of Apex, North Carolina, which was the victim of a cyberattack in July 2024 that compromised the personal data of about 22,000 residents.

Bublup, Inc.

A cloud storage provider that was holding the stolen data from the Apex cyberattack, and declined to release the data back to the town without a court order.

FBI

The Federal Bureau of Investigation, which worked with the town of Apex to locate the stolen data.

Wake County Superior Court

The court that granted a Temporary Restraining Order requiring Bublup, Inc. to provide the town of Apex full access to its data.

Randy Vosburg

The town manager of Apex, who stated that the town took decisive legal action to recover the stolen data and protect the privacy rights of its residents.

Got photos? Submit your photos here. ›

What they’re saying

“When public data is targeted by criminal actors, we must have clear pathways to recover it quickly. We saw the opportunity, and we hope that taking decisive legal action in this case will allow other local governments to also take a stand for the privacy rights of their residents.”

— Randy Vosburg, Apex Town Manager

What’s next

The town of Apex will continue to work with cybersecurity professionals to assess their safeguards against constantly evolving threats.

The takeaway

This case demonstrates that municipalities have the legal right to recover their own data when it is unlawfully taken, even if it is held by a third-party cloud provider. Apex's successful court action set an important precedent for other local governments to protect their residents' privacy and data in the face of growing cybersecurity threats.