Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Data Breaches

Personal Information Stolen in City of Wichita Ransomware Attack

The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.

The City of Wichita, Kansas, has revealed this week that files containing personal information were stolen in a ransomware attack in early May.

The city disclosed the incident on May 5, when certain systems were shut down as a containment measure, to stop the spreading of file-encrypting ransomware deployed during the attack.

The city said at the time that some of its online services were impacted, but not first responders, which immediately switched to business continuity measures. Payments across several services continue to be down.

This week, Wichita revealed that, between May 3 and 4, the attackers copied certain files from its network and that those files contain personal information.

“These files contained law enforcement incident and traffic information, which include names, Social Security numbers, driver’s license or state identification card numbers, and payment card information,” the city announced.

Wichita also revealed that initial access to its network was obtained through the exploitation of “a recently disclosed vulnerability that affects organizations throughout the world”, without providing specific details on it.

“Our technical teams have been working around the clock to put the mitigation measures in place to resolve the issue. Further, we are coordinating with law enforcement to investigate this matter further,” the city said.

Wichita also said that it has made good progress in recovering the impacted systems, but did not say when it expects to resume full operations. Credit card payments are still not accepted.

Advertisement. Scroll to continue reading.

“We understand that this matter has been an inconvenience for our residents and customers, and for that we appreciate your patience as we work through this process,” the city noted.

What the city has not disclosed yet is the number of potentially impacted individuals and the name of the ransomware group behind the attack. On May 7, however, the LockBit gang added Wichita to its leak site, threatening to release the stolen information.

Related: Shields Up: How to Minimize Ransomware Exposure

Related: Brandywine Realty Trust Hit by Ransomware

Related: LockBit Ransomware Mastermind Unmasked, Charged

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights