Sources: Hack of Wyandotte County data was a ransom attack, perhaps by Russian operatives

The hack of Wyandotte County data bases last week was actually a ransom attack, perhaps by Russian operatives, and county officials are severely downplaying the extent of the damage, two confidential sources with inside information tell The Heartlander.

One of the sources said it’s common knowledge among Unified Government of Wyandotte County/Kansas City, Kansas workers that it was a ransom attack.

Both sources – who are independent of each other and who’ve requested anonymity – say the hackers have made undisclosed and varying ransom demands in emails to government officials, and that UG operations have been seriously affected across numerous departments.

One source says the hackers, who broke in last weekend, were still inside UG data systems as recently as Wednesday; the other source says the hackers may have been active in the UG system as late as Friday.

The Secret Service also was on site for several days after the hack, the source says, adding that there is “no doubt” it was a ransom attack, and that the leading theory early last week was that it may have come from Russian operatives.

All this would appear to conflict with the substance and tone of Unified Government pronouncements about the hack the past week. 

“I can tell you that we are fully operational,” UG Clerk Brett A. Deichler said in a television interview Tuesday.

“There were some departments that were impacted — not to the extent that it stops the kind of workload and services that our residents have come to expect, but those issues are being addressed,” Mayor Tyrone Garner also told the media Tuesday.

In truth, The Heartlander’s sources say, UG operations have been impacted to a greater extent than at the onset of COVID-19 – and senior staff have been frustrated at the lack of swift and coordinated action such as that which was taken at the start of the pandemic. Staff also are worried about the lack of information about how much of their, and the public’s, personal data might have been compromised.

“This is the worst thing that I’ve seen happen to the (Unified Government) in my entire time being there,” one source said. “COVID was one thing. But it didn’t impact operations like this has. ‘Oh, being out of the office for COVID was a big deal.’ No, no. This is far worse.”

UG phone and email service was very spotty in the days after the attack, the source says. Many UG officials couldn’t get to their files or scan them in. The codes division was unable to issue building permits or violations. Human resources was unable to access its files – and paychecks, while they got out, didn’t include accurate time sheets. The county’s mapping system and related software – which multiple departments rely on for information about properties countywide – was down and land asset files unavailable.

The extent of any data breaches to the district court, district attorney’s office and sheriff’s department – all of whose systems contain sensitive and invasive personal information – isn’t publicly known, either.

“What’s worse than the fact that it’s floating around someplace else, the people in the courthouse can’t even access it,” one source told us.

“It’s just a rolling nightmare,” the other source said.

Complicating the crisis are growing questions over how much time interim county administrator Cheryl Harrison-Lee has been spending in the office.

By contract, Harrison-Lee is allowed to do outside work as a consultant. But The Heartlander’s source says Harrison-Lee’s presence in the office was sporadic even in the week after the hack: gone on at least Monday, Wednesday and Thursday, and only arriving in the office at midmorning on Friday.

Likewise, the source said, Harrison-Lee has been present in the office less than an entire day per week for weeks at a time since coming on board in January.

“It’s been pretty tough, I won’t lie to you, because it doesn’t necessarily feel like you’re getting the service of county administration,” Andrew Davis, UG District 8 commissioner, told the media last week. “It feels like we’re getting the service of a consultant. And there’s nothing wrong with that, but we didn’t ask for a consultant. We asked for a county administrator.”

Another possible complication: a UG hiring freeze instituted to find “waste,” but which had UG employees jittery even before the cyber attack.

“Everybody’s on pins and needles wondering if they’re gonna have a job,” the source said, “and they’re not filling critical positions. We aren’t staffed up to be able to mow our parks this summer.”

Employees were instructed even before the hack not to talk to the media without Harrison-Lee’s approval, the source said, and vital information about the cyber attack has been mostly contained to the UG’s upper management.

The Heartlander reached out Saturday to a UG spokesperson to ask why the ransom attack allegation hadn’t been made public; what authorities have done or might do to respond to the alleged ransom demand; whether Russian operatives are believed to be behind it; and what percent of county electronic operations are back online.

About The Author

Get News, the way it was meant to be:

Fair. Factual. Trustworthy.

  • This field is for validation purposes and should be left unchanged.