Cybersecurity

Individuals impacted by court cybersecurity incident to be contacted


TOPEKA, Kan. (KSNW) – The Kansas Office of Judicial Administration says they worked with a vendor to contact individuals whose personal information was accessed during an October 12 cybersecurity incident.

Chief Justice Marla Luckert said that since the incident, the Office of Judicial Administration has put additional security controls in place and will continue to enhance its security controls in the future to reduce the possibility of future cybersecurity incidents.


Investigating cybersecurity incident impact

Following the October 12 cybersecurity incident, the Office of Judicial Administration began working with cybersecurity experts to investigate what happened and what was affected. The investigation determined there had been unauthorized access to files stored on the Office of Judicial Administration network.

Through an extensive examination of the files accessed during the cybersecurity incident, cybersecurity experts and the Office of Judicial Administration verified some files contained personal information. That examination was complete as of April 23, 2024.

“We store information on our networks in various formats, and some files are complex, which lengthened the time it took to determine which files included personal information,” Luckert said. “We believed it was worth the extra effort and prevention of needless worry to clarify who was affected and who was not.”

The extensive investigation reduced the potential number of people impacted from a population that could have included anyone who ever interacted with Kansas courts to about 150,000.

Personal information came from files given to the Office of Judicial Administration through litigation in the Kansas appellate courts, applications to the Kansas bar, or other administrative records held by the office, and could have included names, addresses, dates of birth, Social Security numbers, driver’s license or other state identification card numbers, government identification card numbers, tax identification card numbers, financial account information, payment card information, passport numbers, biometric identifiers, health information, or health insurance policy information.

Notification to affected individuals

Notification to affected individuals was made by letter if address information was available. If address information was not identifiable, notification was made by media publication, on the judicial branch website, and notice to media where appropriate.

Notification letters to individuals include recommended steps they can take to monitor and protect their personal information. These notifications also offer credit monitoring and identity restoration services at no cost to the affected individuals.

No notifications by telephone, text, or email

No notifications will be made by telephone, text, or email. If someone receives a phone call, text, or email about the cybersecurity incident, they are advised to end the call or delete the text or email. Phone communication about the cybersecurity incident should be initiated by the individual.

Informational webpage

An informational webpage on the Kansas judicial branch website answers common questions affected individuals might have about the cybersecurity incident and their personal information. It includes a phone number people can call if they have questions. The webpage can be accessed here.



Source

Related Articles

Back to top button