In our Reality Check stories, Wichita Eagle journalists dig deeper into questions over facts, consequences and accountability. Story idea? tips@wichitaeagle.com.
A deluge of unanswered questions continue to swirl around Wichita City Hall, where a ransomware attack has disrupted some city services for two weeks.
But city officials aren’t answering them now, instead directing anyone with questions to a city webpage that focuses on how public-facing city services have been affected.
They won’t say who the city hired to help get the city’s systems back online or how much it is expected to cost taxpayers.
They won’t say whether the city will notify residents whose information was compromised — or whether the city plans to pay for identity theft protection for those residents.
They won’t say how much revenue the city is losing each day.
They also won’t say publicly whether the city paid a ransom, a move that could be illegal under sanctions announced by the U.S. Treasury earlier this year that forbids U.S. entities from paying ransoms to the group that’s claiming credit for the Wichita cyber attack. Federal law enforcement, which the city is working with on the cyber attack, also discourages victims from paying ransoms.
“I realize that’s frustrating,” City Manager Robert Layton said. “But I cannot talk about the issues that you want to talk about today while we’re still working through the incident.”
Layton said the city is exercising an abundance of caution until he is confident the system has been restored — and that hackers don’t have access to the city’s computer systems.
“I am committed — and the mayor, council members are committed — to talking about most of the issues, if not all of the issues, when we have finished our recovery,” Layton said. “But there’s too much still going on, and with the systems not all being up and running at this point, we just need to focus on getting all that taken care of and not risk any setback.”
The Russian hacker group LockBit claimed credit for the ransomware attack and indicated the city had until Wednesday to pay a ransom or else it would publish more than 500 gigabytes of data on the dark web. The day before the deadline, LockBit updated the dark web posting saying the data had been sold. The city’s data was not released on Wednesday.
The city’s wichita.gov/alert webpage says personal information was stolen from the Wichita Police Department’s records management system, including names, Social Security numbers, driver’s license or state identification card numbers, and payment card information. It gives no hint of how many people’s sensitive information may have been stolen or accessed, and there’s no way to find out at this time.
The city is also choosing to withhold information through the Kansas Open Records Act.
On Thursday, the city denied an Eagle records request filed May 7 seeking a copy of the city’s agreement with any firm hired to help resolve the cyber attack.
The denial statement said the city is choosing not to release that information because disclosure “at this time would pose a security risk to the city and could add to further disruption of city public services.”
The city pointed to a state statute that allows public agencies to discretionarily withhold public records that “would pose substantial likelihood of revealing security measures that protect systems used in the production, transmission or distribution of communication services.”
Layton said the costs of the attack and what the city is paying the cyber security firm will be released eventually. He would not say how much longer the unnamed cyber security firm could take to complete its work.
“We will be open about the efforts that we went through and the depth or breadth of incident when we’re finished,” Layton said.
Wichita cyber attack: Social Security numbers, driver’s licenses, payment info compromised
Ransomware group called ‘most prolific and destructive’ claims credit for Wichita attack
Most Popular
Comments / 0