New details released about data breach at Jefferson County Clerk's office

LOUISVILLE, Kentucky (WAVE) – Weeks after a cyberattack shut down Jefferson County offices for days, authorities are releasing more information about the data theft.

Initial results did not indicate that data was stolen, but a post on the dark web on Monday by the Russian hackers responsible for the breach claims the attack was successful.

“Ransomhub had posted a message on its darknet blog that they had managed to steal county government files, along with an alleged list of those files,” said CEO David Summerfield.

Officials told us they are currently reviewing the forensic report to find out if this claim is true.

During testimony in court on Wednesday, new details about how this happened emerged.

A forensic analysis revealed that the hackers were able to access the business office network using “compromised credentials” and a virtual private network (VPN) that allows employees to work from home.

The clerk's office said the hackers gained access to internal employee documents, but not to public information.

“None of our election records were there. None of our motor vehicle information was there,” said Ashley Tinius, director of communications, media and public relations for JCCO. “None of our legal records were there because that's all in the cloud.”

In Frankfort, Summerfield testified that the office uses industry-standard safety tools and measures and has taken a number of other precautions.

“The lesson we learned today in Frankfort is: If it hasn't happened to you yet, it will happen,” Tinius said.

Dr. Adrian Lauf, associate professor of computer science and engineering at UofL, said the more people rely on digital platform services, the greater the likelihood of becoming a victim of an attack.

“The fact is that we are more interconnected every day,” he said. “All these systems and services and vulnerabilities and weaknesses.”

Dr. Lauf lists numerous ways to protect yourself, such as two-factor authentication, careful use of links, and other common sense practices.

“Check where things are coming from,” he said. “Be careful so you don't become the next target of this social engineering attack.”

If you suspect your information has been compromised, you should put a hold on your credit with the three major credit bureaus, he says.

Both Dr. Lauf and Tinius say there are a number of places you should share your information, including health care and the city.

“There are other ways they can get this information,” Tinius said. “Unfortunately, these criminals will try any means they can to get people's information.”

Summerfield testified that the JCCO is working to identify and notify employees whose data may have been compromised.