City of St Joseph hit by cyberattack data potentially acquired in breach newspressnowcom

pST JOSEPH Mo NewsPress NOW Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents city officials confirmed Monday ppThe City of St Joseph has been forced to spend more than 1 million on extensive upgrades to its cybersecurity and technology infrastructure since it first acknowledged via Facebook on Monday June 9 that some of its services were down or temporarily unavailable due to network issues saying later on June 26 it was investigating network security issues and no threat was posed to the publicppThe city is now shedding additional light on the extent of the incident saying in a press release Monday that while no evidence suggests any information has been misused it is possible that some data including records from the St Joseph police and health departments could have been acquired by an unauthorized third partyppThe investigation into this incident determined that certain files may have been acquired without authorization After extensive electronic discovery which concluded on Sept 4 it was determined that some personal information may have been present in the impacted data set the city said In the next 14 days some residents will begin receiving letters regarding an incident that may have exposed personal informationppLetters will be sent to approximately 11000 people and will include resources that can be used to protect information and instructions for enrolling in complimentary credit monitoring and identity theft protection services free of chargeppThese services will alert those who enroll when changes occur to their credit file Impacted residents also will receive proactive assistance to help with any questions they might have or in the event of becoming a victim of fraud the city said The City of St Joseph is fully committed to the protection of citizen and employee information system security and data privacy particularly in a time when cybersecurity incidents have become all too common ppMultiple current and former city employees including one who agreed to speak on the condition of anonymity confirmed to NewsPress NOW that the incident was the result of a data breach that brought many technology and communication services to a near standstill for daysppThe first thing I noticed when I came in that Monday was our phones didnt work And then it was we couldnt get into anything Absolutely nothing a prominent former staffer at City Hall said I just kept saying What is this Whats the problem Whats going on Then they say we were hackedppThe cyberattack described to her as a data breach by the citys IT staff on multiple occasions was significant enough that it prevented her and staff from accessing network programs files and records critical for daily business including the citys email serverppThe staffer who worked in a large department that handled customer payments and coordinated heavily with businesses described a chaotic environment as major processes were essentially shut down with overwhelmed staffers struggling to complete routine tasks for much of the week which typically included coordination with public safety departmentsppWe couldnt get into any files Fire Department too I worked closely with the fire inspectors all that stuff how were we supposed to operate she said It was mass chaos There should have been some type of public announcement that We are struggling hereppThe city said it first detected the network issue around 230 am on June 9 and quickly relayed it to the information technology team at 4 pm The citys network was immediately shut down at all locations as a precaution and the IT team started conducting its inquiry by 6 amppUpon detecting this incident the city moved quickly to initiate a response which included conducting an investigation with the assistance of outside IT specialists and confirming the security of the network environment Law enforcement was notified The city wiped and rebuilt affected systems and has taken steps to bolster its network security continuing work that already was underway at the time of this disruption the city press release readppWhile unconfirmed by department officials the incident reportedly had a notable impact on file access and communications for the police and fire departments Despite that city said dispatching of police fire and emergency medical services continued uninterrupted despite the incident thanks to longstanding protocols and contingency planningppEnacted in 2009 Missouris data breach notification law requires entities that own or license personal information of Missouri residents to provide notice to affected consumers if there has been a breach of security following discovery or notification of the breach Notice must be made without unreasonable delay after discovery of the breach ppNotification is not required if after appropriate investigation or consultation with relevant government agencies the entity determines there is no reasonable likelihood of identity theft or fraudppThe former city staffer was told by a colleague in the citys IT department and a direct witness that ransomware was involved in the cyberattackppHe sent me a picture of every time he tried to open up a file of the ransom this ransom note I know that it was some type of ransom hack she said ppMultiple Sunshine Law requests for a list of insurance claims data breach documents and emails over a threemonth period on the matter initially resulted in a small handful of communications being provided to NewsPress NOW citing privileged and protected correspondenceppDisclosure of any additional email correspondence would impair the Citys ability to protect the security or safety of persons or real property and that the public interest in nondisclosure outweighs the public interest in disclosure of additional email correspondence a city spokesperson said in an email to NewsPress NOW in August  ppOne email obtained in the request shows a personal Gmail account with the name of a prominent city human resources official was used June 9 to communicate with insurance company CBIZ Insurance Services about the citys cybersecurity policy coverage as well as a risk assessment for its network on the same day the data breach occurred ppUse of personal emails for government business is typically discouraged unless necessary in cases of emergency The email suggests that the citys email server was inaccessible for staff across multiple departmentsppIts unclear exactly how many departments were impacted by the incident if data or personal information was collected and if so to what extentppThe aforementioned cybersecurity policy shows the city had a cybersecurity risk assessment performed on its network defenses in December 2024 assessing the potential for direct exposures for ransomware malware and other dangerous misconfigurationsppNo infections or exposures were ultimately found at the time including deep scans for initial access of malware ransomware and detecting if any credentials had been offered for saleppThe city also added several endorsements to its policy at that time to expand its initial cybersecurity coverage The risk assessment was carried out by Tokio Marine HCC a cybersecurity insurance companyppCity spends more than 1 million to improve infrastructure following incidentppCity councilmembers have authorized a number of costly investments to improve its cybersecurity technology and software following the incident in some cases to improve aging and outdated platformsppThe City has many platforms that are aging and now require upgrades to ensure they remain reliable efficient and aligned with current standards a document explaining one ordinance for technology purchases reads ppOn Aug 4 councilmembers approved an ordinance to provide funding in an amount not to exceed 997659 for investments in the citys technology services to address infrastructure modernization Investments included new servers firewalls networking equipment data storage solutions and improved backup processesppFunds were allocated from the General FundComputer Network according to the ordinance ppThe ordinance also granted City Manager Mike Schumacher the ability to expedite purchase orders and agreements associated with said expenditures including those that would typically require separate Council approval under the Citys bidding thresholdsppOn Aug 18 councilmembers approved a 63089 proposal to purchase three years of security licensing to consolidate the citys cybersecurity infrastructure The license included threat protection secure firewall and email endpoint security DNSlayer defense and multifactor authenticationppThe City of St Joseph does carry cybersecurity insurance and services it provides were utilized during this network disruption At the next City Council meeting on Monday Sept 29 an ordinance to authorize a 50000 insurance deductible payment will have a first reading the city press release said ppDisruptions linger following breachppThe staffer said after the first day passed on June 9 with little to no clarity on the situation a hotspot device was brought in the following day providing enough service for just one employee while the rest of the department struggled to complete tasks often working off memory or from older records with new information and data being inaccessibleppI was going around the world to make something work reinventing the wheel she said I was there way more than I should working late hours trying to keep the city afloat trying to keep business goingppShe said the city was unable to provide additional hotspots as multiple employees including herself resorted to using personal cellphones and laptops to view or conduct official city business something she was later instructed not to do after several daysppWith a lack of clarity about possible risks or exposures from the incident she was highly uncomfortable with the department continuing transactions with customer credit cards ppIf we were hacked and they were using a hotspot and still having customers come in and pay for things with credit cards If they still had access to all of our files how is that safe she said I would not do anything unless it was cash paymentppThe citys press release noted that certain departments were able to continue conducting business including accepting and making payments by developing workarounds within hours of the network disruption ppCity staff focused immediately on keeping essential services runningppDespite some emails starting to trickle in by the end of the initial week work was largely impossible as a majority of processes for her department werent available again until several weeks laterppMonths later and some processes remain interrupted including daily dissemination of arrests thefts and vandalism reports to media outlets from the St Joseph Police Department information of high public interestppThe last official reports to NewsPress NOW were sent on June 8 a day before the network incident occurredppDespite being passionate and well compensated for her job she quit not long after due to the incident and previous challenges that brought considerable stress ppI loved my work I loved what I did she said Its sad that I have to go because theres no way I could take much moreppJump to comments ppCameron has been with NewsPress NOW since 2018 first as a weekend breaking news reporter while attending school at Northwest Missouri State UniversityppNewsPress Now is committed to providing a forum for civil and constructive conversationppPlease keep your comments respectful and relevant You can review our Community Guidelines by clicking hereppIf you would like to share a story idea please submit it hereppCommunity Guidelines
Contact Us
EEO Public File
FCC Applications
FCC Public File
Privacy Policy
Terms of Service
Do Not Sell My Personal InformationppBreaking News
Contests Promotions
Local News Updatesp