close
close

Press Releases – KS Courts

TOPEKA – The Kansas Office of Judicial Administration worked with a vendor to contact people whose personal information was accessed during a cybersecurity incident on Oct. 12 to provide them with more information about the incident and resources to help them protect themselves to provide.

Chief Justice Marla Luckert, speaking on behalf of the Kansas Supreme Court, said the court regrets that these notices are necessary.

“We are sorry that anyone was personally affected by the actions of the criminals who attacked our court computer systems,” Luckert said. “The judiciary respects the confidentiality of the information provided to us and it is a high priority throughout the court system to protect this information.”

Luckert added that the Office of Justice Administration has implemented additional security controls since the incident and will continue to enhance its security controls in the future to reduce the possibility of future cybersecurity incidents.

Investigating the impact of cybersecurity incidents

After the cybersecurity incident on October 12, the Office of Justice Administration began working with cybersecurity experts to investigate what happened and what was affected. The investigation revealed that there had been unauthorized access to files stored on the Office of Judicial Administration network.


Through a comprehensive investigation of the files accessed during the cybersecurity incident, cybersecurity experts and the Office of Justice Administration verified that some files contained personal information. This review was completed on April 23, 2024.

“We store information on our networks in various formats and some files are complex, which took longer to identify the files containing personal information,” Luckert said. “We believed it was worth the extra effort and avoidance of unnecessary worry to make it clear who was affected and who was not.”

The comprehensive investigation reduced the potential number of affected individuals to approximately 150,000 from a population that would have included anyone who ever interacted with Kansas courts.

Personal information comes from files submitted to the Office of Judicial Administration in litigation before the Kansas appellate courts, applications to the Kansas Bar Association, or other administrative records maintained by the office, and may include names, addresses, dates of birth, social security numbers, driver’s license, or other government identification card numbers, government identification card numbers, tax identification card numbers, financial account information, payment card information, passport numbers, biometric identifiers, health information or health insurance policy information.

Notification of affected persons

Those affected were notified by letter if address information was available. If address information was not identifiable, notification was made by publication in the media, on the Justice Department’s website and, where appropriate, by notice to the media.

Notification letters to individuals include recommended steps they can take to monitor and protect their personal information. These alerts also provide free credit monitoring and identity restoration services to affected individuals.

No notifications by phone, text or email

There will be no notifications by phone, SMS or email. If someone receives a call, text or email about the cybersecurity incident, they are advised to end the call or delete the text or email. Telephone communication about the cybersecurity incident should be initiated by the individual.

Information page

An information page on the Kansas Department of Corrections website answers common questions those affected may have about the cybersecurity incident and their personal information. It includes a phone number that people can call if they have questions.

The website can be accessed at www.kscourts.org/security-incident.

Cybersecurity Incident Response

As soon as the Office of Justice Administration discovered unauthorized activity on its network, it took immediate action to protect the network, secure information, and begin investigating the incident and its impact.

The office also began working with cybersecurity experts to conduct a forensic investigation. As part of this investigation, it was discovered that there had been unauthorized access to the files stored on the Justice Administration network. Additionally, some files were found to have been exfiltrated and were reviewed by cybersecurity experts for personal information.

Affected individuals with questions may call 1-888-861-6382 between 8 a.m. and 8 p.m. Central Time, Monday through Friday, excluding holidays.

The Kansas Office of Judicial Administration takes seriously the need to protect the privacy and security of all information in its custody and regrets any inconvenience or concern this matter may cause.