On Tuesday, Jackson County, located in Missouri, United States, experienced a major disruption in its IT systems. The cause? A ransomware attack.
State of Emergency Declared
The attack led to a state of emergency declaration due to operational inconsistencies across the county’s digital infrastructure. Some systems were rendered inoperative, while others remained functional.
Impacted Services
- Tax payments
- Online property
- Marriage licenses
- Inmate searches
As a result, the Assessment, Collection, and Recorder of Deeds offices across all County locations will be closed until April 5.
County’s Response
Frank White, Jr, the Jackson County Executive, expressed the urgent need to restore the county’s core functions to minimize inconvenience for residents. The county is actively working to ensure that the closures do not negatively impact residents.
Unaffected Services
The Kansas City Board of Elections and Jackson County Board of Elections reportedly remained unaffected by the system outage, maintaining continuity in crucial electoral processes.
Actions Taken
Law enforcement has been notified and IT security contractors have been enlisted to investigate and address the situation. The County emphasized the importance of network integrity and resident data confidentiality, stating that there is currently no evidence of data compromise.
Is Personal and Sensitive Financial Information of Taxpayers Compromised?
No. The county reassured that taxpayers’ personal and sensitive financial information is not included in the impact. This data is hosted completely outside of the county’s network and is securely managed and stored by their trusted partner, PayIt.
Efforts to strengthen system security against further compromise are underway, alongside endeavors to restore full operational capacity to affected services.
Jess Parnell, CISO at Centripetal, explained that it’s no longer enough to rely solely on reactive measures after an attack has occurred. Businesses and organizations must shift from an inward security focus, which primarily looks at vulnerabilities and patching, to an outward focus that anticipates and defends against potential exploits.