The Kansas Judicial Department has printed an replace on a cybersecurity incident it suffered final month, confirming that hackers stole delicate information containing confidential data from its techniques.
In mid-October 2023, the Kansas courts authority disclosed a “security incident” that impacted the provision of a number of techniques, together with the eFiling system legal professional’s use for doc submission, digital fee techniques, and the case administration techniques utilized by district and appellate courts.
Over a month later, the system standing stays unchanged, with the next companies flagged as at present offline:
- Kansas Courts eFiling: For digital doc submitting
- Kansas Safety Order Portal: For digital doc submitting
- Kansas District Court docket Public Entry: For looking out district courtroom instances
- Appellate Case Inquiry System: For looking out appellate courtroom instances
- Kansas eCourt Case Administration: Utilized by district courts for case processing
- Kansas Lawyer Registration: For looking out attorneys by identify or bar quantity
- Kansas on-line marriage license software
- Central Fee Middle
An replace posted on the Kansas Judicial Department newsroom known as the influence on these techniques momentary and underlined the extra dire side of the cyberattack by confirming a data breach.
“Whereas the influence on our data techniques is momentary, the cybercriminals additionally stole knowledge and threatened to submit it to a darkish site if their calls for weren’t met,” reads the press launch.
“Based mostly on our preliminary evaluate, it seems the stolen data consists of Workplace of Judicial Administration information, district courtroom case information on attraction, and different knowledge, a few of which can be confidential underneath regulation.”
The scenario holds the core components of a typical ransomware assault, involving system outage brought on by native file encryption and in addition double extortion threatening to publish stolen information if the ransom is not paid. Nonetheless, the announcement doesn’t specify the kind of the assault.
The Kansas authority estimates it will need a number of weeks till all techniques return to regular standing. It guarantees to inform impacted people as quickly as its evaluate of the stolen knowledge has been accomplished.
The assertion takes a extra private flip, calling this an assault “towards all Kansas” and characterizing the perpetrators as evil.
“This assault on the Kansas system of justice is evil and prison. At this time, we categorical our deep sorrow that Kansans will endure by the hands of those cybercriminals.” – Kansas courts.
On the time of writing, no identified ransomware operations have publicly taken accountability for the assault.
