The seven justices of the Kansas Supreme Court issued a statement addressing the security incident on October 12, which disrupted the information systems used by courts across the state.
The officials of the Kansas Supreme Court have reported that a cyberattack, lasting for over five weeks, compromised the state’s court system. In this breach, cybercriminals infiltrated the system, exfiltrated confidential information, and issued threats to expose it on the dark web.
Kansas Court Cyberattack
After the state’s Judicial Branch declared a halt to electronic filings on October 12, computer security experts began to suspect foul play. The subsequent announcement labeling it a “sophisticated foreign cyberattack” validated their suspicions.
Up until now, state officials had provided only a vague description of the Kansas Court cyberattack, referring to it simply as a “security incident.
“A few weeks ago, the Kansas judicial branch was a victim of a sophisticated foreign cyberattack that impacted the information systems used by the Kansas judicial branch. This attack has temporarily incapacitated Kansas Office of Judicial Administration information systems, affecting daily operations of the state’s appellate courts and district courts in 104 counties,” reads the statement released by the Kansas Court.
The Judicial Branch, in a released statement, indicated that the state promptly informed authorities and swiftly severed external access to its court information system upon detecting the cyberattack on the Kansas Court.
“When we discovered the attack, we quickly disconnected our information systems from external access. We notified state authorities, and since that time have benefited from the continued support provided by the governor’s office, legislative leadership, and state and federal law enforcement. This attack—on one of our three branches of government—was made against all Kansans.”
Every county in the state, with the exception of one, experienced daily disruptions as a result of the Kansas Court cyberattack. The most populated county in the state, Johnson County, has its own computer systems and hasn’t migrated to the new internet system yet.
A public access service center with ten computer terminals is operating at the Kansas Judicial Center in Topeka.
According to a preliminary review, the stolen information from the Kansas Court cyberattack includes district court case records on appeal and other potentially confidential data. The statement said that those affected will be notified once a full review is complete.
“Based on our preliminary review, it appears the stolen information includes Office of Judicial Administration files, district court case records on appeal, and other data, some of which may be confidential under law. A full review of what may have been stolen is a high priority to us but it will take time. Once this review is complete, we will notify those affected.”
The Judicial Branch stated that it will take several weeks to return to normal operations, including electronic filing, and that the effort involves “buttressing our systems to guard against future attacks.”
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
