The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems.
In mid-October 2023, the Kansas courts authority disclosed a "security incident" that impacted the availability of multiple systems, including the eFiling system attorney's use for document submission, electronic payment systems, and the case management systems used by district and appellate courts.
Over a month later, the system status remains unchanged, with the following services flagged as currently offline:
- Kansas Courts eFiling: For electronic document filing
- Kansas Protection Order Portal: For electronic document filing
- Kansas District Court Public Access: For searching district court cases
- Appellate Case Inquiry System: For searching appellate court cases
- Kansas eCourt Case Management: Used by district courts for case processing
- Kansas Attorney Registration: For searching attorneys by name or bar number
- Kansas online marriage license application
- Central Payment Center
An update posted on the Kansas Judicial Branch newsroom called the impact on these systems temporary and underlined the more dire aspect of the cyberattack by confirming a data breach.
"While the impact on our information systems is temporary, the cybercriminals also stole data and threatened to post it to a dark web site if their demands were not met," reads the press release.
"Based on our preliminary review, it appears the stolen information includes Office of Judicial Administration files, district court case records on appeal, and other data, some of which may be confidential under law."
The situation holds the core elements of a typical ransomware attack, involving system outage caused by local file encryption and also double extortion threatening to publish stolen files if the ransom isn't paid. Still, the announcement does not specify the type of the attack.
The Kansas authority estimates it'll need several weeks until all systems return to normal status. It promises to notify impacted individuals as soon as its review of the stolen data has been completed.
The statement takes a more personal turn, calling this an attack "against all Kansas" and characterizing the perpetrators as evil.
At the time of writing, no known ransomware operations have publicly taken responsibility for the attack.
Comments
mikebutash - 11 months ago
Any state and local .gov are prime targets, always underfunded and gross incompetence running them from a bygone era borne of politics, not technical aptitude. It's hardly news worthy to report them being owned, it's simply a matter of time before they are and added to the list.
The real question is does anyone really notice before it is too late? What does the government to do counter the trend before they lose control even? Not much of a republic when one can't manage the sycophants or ingest their tithes.