Richardson
City officials are enlisting two outside firms, one of which will help investigate last week’s data breach into city computer systems and recommend ways to prevent something similar from happening in the future.
The Board of Public Works and Safety on Tuesday voted to permit Mike Richardson, director of security and risk, to sign two letters of engagement with Pierson Ferdinand LLP, described as a tech-driven law firm, and S-RM, a cybersecurity consultancy firm.
“We reached out to our insurance company when this all occurred, they’ve been in contact with a couple of organizations that the insurance company uses on a regular basis to assist communities and businesses who have this issue,” Richardson, who is in charge of the investigation, along with the city’s IT department, told the board.
The city has a $1 million cybersecurity insurance policy and $25,000 deductible with California-based Cowbell Cyber, who assigned Pierson Ferdinand to represent the city in connection to their insurance claim.
S-RM will work alongside the city’s IT team to conduct a forensic investigation into the breach’s origins and extent. The firm will also provide incident response services to detect, contain and prevent any future similar threat, according to a copy of the terms.
“What they’ll do is assist in seeing what was taken, so we actually know everything that was, we believe we know, but just to double check,” Richardson told board members. “Also, to give us the ability to see the procedures that we currently have in place, and then also give us recommendations on how to make our system more secure so that it will mitigate the possibility of this occurring in the future.”
Whoever was responsible for the breach was able to pull city email addresses, along with their passwords, according to Richardson.
While city officials believe that was all that was taken, they emphasized the ongoing nature of the investigation. Richardson said previously that the city did not experience a ransomware attack where information was accessed by an outside entity and held hostage for payment.
In the meantime, city employees have had to create new, more secure passwords, and in the future may start using other methods of protection like dual authentication, according to Richardson.
In addition, the city stores payment information with a third-party, so no credit card or banking information was compromised, according to city officials.
When the breach happened on July 24 around 7 p.m., the city’s IT team was quick to limit the access of the breach, according to city officials.
“We were very fortunate they shut the system down when they did,” Richardson said of the IT department.
That was followed by a “completely separate and coincidental” internet outage that left some city internet capabilities non-functional for about 24 hours.
City computer systems have mostly been brought back online—city employees regained access to their email by Thursday night— but the ability to make payments to the city for some services still remains unavailable as of Tuesday afternoon.
“This is not a club we wanted to be a member of, there are unfortunately a number of communities across Indiana that have been hit recently, but fortunately we’re up and running fairly quickly,” Mayor Mary Ferdon said.
Earlier this month, Monroe and Clay county governments experienced ransomware attacks — Monroe County government business was halted from July 1 to July 5 and Clay County, which experienced a cyber attack on July 9, is mostly operating again with some limitations.
Reports that Bartholomew County and BCSC also experienced a data breach are false, according to county and school officials. Columbus City Utilities (CCU) was not negatively affected at all by the breach because their systems are separate from the core city systems, Director Roger Kelso said.
