close
close

Individuals affected by a cybersecurity incident in court must be contacted

TOPEKA, Kan. (KSNW) – The Kansas Office of Judicial Administration says it worked with a vendor to contact people whose personal information was accessed during a cybersecurity incident on Oct. 12.

Chief Justice Marla Luckert said the Office of Justice Administration has implemented additional security controls since the incident and will continue to improve its security controls in the future to reduce the possibility of future cybersecurity incidents.


Investigating the impact of cybersecurity incidents

After the cybersecurity incident on October 12, the Office of Justice Administration began working with cybersecurity experts to investigate what happened and what was affected. The investigation revealed that there had been unauthorized access to files stored on the Office of Judicial Administration network.

Through a comprehensive investigation of the files accessed during the cybersecurity incident, cybersecurity experts and the Office of Justice Administration verified that some files contained personal information. This review was completed on April 23, 2024.

“We store information on our networks in various formats and some files are complex, which took longer to identify the files containing personal information,” Luckert said. “We believed it was worth the extra effort and avoidance of unnecessary worry to make it clear who was affected and who was not.”

The comprehensive investigation reduced the potential number of affected individuals to approximately 150,000 from a population that would have included anyone who ever interacted with Kansas courts.

Personal information comes from files submitted to the Office of Judicial Administration in litigation before the Kansas appellate courts, applications to the Kansas Bar Association, or other administrative records maintained by the office, and may include names, addresses, dates of birth, social security numbers, driver’s license, or other government identification card numbers, government identification card numbers, tax identification card numbers, financial account information, payment card information, passport numbers, biometric identifiers, health information or health insurance policy information.

Notification of affected persons

Those affected were notified by letter if address information was available. If address information was not identifiable, notification was made by publication in the media, on the Justice Department’s website and, where appropriate, by notice to the media.

Notification letters to individuals include recommended steps they can take to monitor and protect their personal information. These alerts also provide free credit monitoring and identity restoration services to affected individuals.

No notifications by phone, text or email

There will be no notifications by phone, SMS or email. If someone receives a call, text or email about the cybersecurity incident, they are advised to end the call or delete the text or email. Telephone communication about the cybersecurity incident should be initiated by the individual.

Information page

An information page on the Kansas Department of Corrections website answers common questions those affected may have about the cybersecurity incident and their personal information. It includes a phone number that people can call if they have questions. The website can be accessed here.