BY RACHEL MIPRO, Kansas Reflector
TOPEKA —About 150,000 people who had some form of interaction with Kansas courts might have had their data breached in the October cyberattack that took the judicial system offline for weeks.
The Office of Judicial Administration on Monday announced findings from a third-party investigation into the cyberattack. The office said information accessed during the attack came from files given to the office through appellate court litigation, applications to the Kansas bar and other administrative records.
Information such as Social Security numbers, driver’s licenses, government identification cards, payment card information, tax identification card numbers, passports, and health insurance policy information could have all been accessed, among other data.
Chief Justice Marla Luckert apologized on behalf of the Kansas Supreme Court.
“We’re sorry anyone was personally impacted by the actions of the criminals who attacked our court computer systems,” Luckert said. “The judicial branch respects the privacy of information given to us, and it’s a high priority throughout the court system to keep that information secure.”
People impacted by the breach have been sent notification letters. In cases where the person’s address information wasn’t available, their notifications have been published on the judicial branch website.
Court officials stressed that notifications have not been made through phone, text or email, and warned Kansans against engaging with anyone using these forms of communications to talk about the cybersecurity attack. A court webpage has been implemented to help address questions.
The attack disrupted all but one of the state’s appellate court operations for weeks, with networks locked down and attorneys and judges relying on manual filing of court documents. In November, justices confirmed the attack was the result of a “sophisticated foreign cyberattack,” and that perpetrators “stole data and threatened to post it to a dark website if their demands were not met.”
Information on whether the judicial branch met these demands has not yet been released.
Luckert said the office has placed additional security controls in place and will work to reduce the possibility of future cybersecurity attacks.