Kansas Court Investigation Confirms Cyberattack Compromised 150,000 People’s Personal Information • Kansas Reflector

TOPEKA — The October cyberattack that crippled the justice system for weeks may have had the data of about 150,000 people who had some form of interaction with Kansas courts breached.

The Office of Justice Administration announced results of an independent investigation into the cyberattack on Monday. The office said the information accessed during the attack came from files submitted to the office as part of appeals, applications to the Kansas Bar and other administrative records.

Information such as social security numbers, driver’s licenses, government-issued ID cards, payment card information, tax identification card numbers, passports, and health insurance policy information, among others, could be accessed.

Chief Justice Marla Luckert apologized on behalf of the Kansas Supreme Court.

“We are sorry that anyone was personally affected by the actions of the criminals who attacked our court computer systems,” Luckert said. “The judiciary respects the confidentiality of the information provided to us and it is a high priority throughout the court system to protect this information.”

Notification letters have been sent to those affected by the breach. In cases where the person’s address information was not available, their notices were posted on the Justice Department’s website.

Court officials emphasized that no notifications were made by phone, text or email and warned Kansans not to contact anyone using those forms of communication to discuss the cybersecurity attack. A Court website was implemented to help answer questions.

The attack disrupted all but one of the state’s appellate courts’ operations for weeks, locking down networks and forcing lawyers and judges to rely on manual filing of court documents. In November, Judges confirmed the attack was the result of a “sophisticated foreign cyberattack” and the perpetrators “stole data and threatened to publish it on a dark website.”

Luckert said the office has implemented additional security controls and will work to reduce the possibility of future cybersecurity attacks.

This story has been corrected to clarify information about the perpetrators’ demands.