Fitch Ratings-New York/San Francisco-29 August 2025: Fitch Ratings does not currently anticipate any immediate effect on the state of Nevada’s credit ratings from a recent cyberattack that continues to disrupt state operations, given the state’s strong fiscal position and prudent management practices including a pre-existing cyber incident response plan. Nevada has been experiencing a ransomware-based cybersecurity attack since Sunday, August 24. However, with many details pending, Fitch will monitor the situation for material financial or operational developments.
Nevada’s IT staff detected unusual activity on its network late Sunday night, which it later confirmed as a cyber breach. The attack, suspected to be a ransomware attack, has had a widespread effect on state operations. Upon detecting the breach, state officials immediately activated their established cybersecurity incident response plan, including containing the threat by isolating systems and taking them offline.
Many state offices have been closed since Sunday and systems remain offline. However, some agencies are beginning to resume operations to continue providing some service and benefits. The state notes that some data has been accessed and moved outside of the state’s network but details on the type of data at risk are still being analyzed. Based on other entities’ experience with cyber incidents, full resolution may take weeks.
Nevada’s ‘AA+’ Issuer Default Rating (IDR) and GO rating reflect the state’s well-managed and low liability position, strong revenue and expenditure frameworks, and historically responsive financial practices, as well as its success in managing rapid population growth and development. The Rating Outlook is Stable. Fitch anticipates Nevada will maintain financial resilience in the face of costs arising from the cyberattack.
Cyberattacks that cause system outages may disrupt operations, potentially challenging liquidity and resilience. Additionally, cyber breaches where information is stolen can elevate cost and litigation risk. Fitch currently views Nevada as well-positioned to mitigate these risks, though details of the extent of the cyber incident are still being investigated. Nevada is working with internal and external experts, as well as the appropriate federal authorities, to resolve the issue.
The cyberattack against Nevada highlights historic increases in the number, severity and frequency of cyber assaults for public sector issuers, as well as the increasing sophistication of threat actors. In rare cases, cyberattacks have led to downgrades for U.S. Public Finance issuers, often when those issuers were already facing fiscal or management challenges.