A ransomware attack took out parts of the Knoxville city website but did not compromise personal or financial information.

The Tennessee city’s public safety operations were spared, Knoxnews cited Chief Operations Officer David Brace, deputy to the mayor, as saying. Brace said the fire department discovered the attack but didn’t disclose the amount or terms of the ransom demand.

The city believes the attack occurred after an employee opened a phishing email.

“Educating employees on the dangers of phishing attacks like the one that apparently hit the City of Knoxville’s network may seem like a needless expense, but as Knoxville has learned, it is an investment in online safety,” said Chris Hauk, consumer privacy champion at Nashville-based Pixel Privacy. “I do commend the City of Knoxville’s IT department for having backed up their servers and apparently keeping the backups isolated from the main network. This is a vital part of any recovery plan.”