(The Center Square) – Jackson County, Missouri, offices were closed for a second day on Wednesday after its information technology systems were disrupted by a possible ransomware attack.
“Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal,” according to a statement from the county.
The county’s assessment, collection and recorder of deeds offices will be closed until further notice, according to a media release. Tax payment and online property systems were affected along with those for marriage licenses and inmate searches.
The county emphasized the Kansas City Board of Elections and Jackson County Board of Elections were not impacted by the system outage. Tuesday’s election resulted in almost 60% of voters defeating a proposal for a three-eighths of a cent sales tax for 40-years to fund a new stadium for Major League Baseball’s Kansas City Royals and a renovation of Arrowhead Stadium, home of the Chiefs, Super Bowl champions of the National Football League.
Law enforcement was notified of the situation and outside information technology security experts were brought in to assist in the investigation and remediation of the situation.
“Hackers find loopholes in the system and it’s unfortunate what happened in Jackson County,” Sajal Das, a computer science professor at Missouri University of Science and Technology, said in an interview with The Center Square. “But when this happens to a government agency, either state or local, you can isolate very quickly. I think Jackson County responded very well to put the system down. That’s the best way to take a first level of action.”
Democratic Jackson County Executive Frank White praised county employees for their response.
“The swift action taken by our staff today highlights the resilience and preparedness of our staff,” White said in a statement. “I am particularly proud of our Information Technology Department for their decisive response in protecting our systems and minimizing damage.”
The county said its preliminary review of the situation found no data was compromised. It also said it doesn’t keep sensitive financial information on its system and relies on PayIt for the handling and storage of the information.
“Jackson County works with PayIt to offer resident engagement and payment services for property taxes, marriage licenses, and other various payable items,” according to a statement from PayIT provided by Jackson County. “The service is hosted completely outside of Jackson County systems and we have confirmed that the myJacksonCounty system has not been impacted by the incident.”
The county stated it would be transparent with the public, but specifics would be limited as law enforcement and cybersecurity experts continue to investigate.
“Most of these hackers work behind the scenes and are people who understand the system and the network very well,” Das said. “They will always try to see where the cracks are.”
Last month, the White House sent a letter warning state governors of possible “disabling cyberattacks” on water and wastewater systems in the U.S. by Iran and a cyber group backed by China.
