The City of Wichita, Kansas, has revealed this week that files containing personal information were stolen in a ransomware attack in early May.
The city disclosed the incident on May 5, when certain systems were shut down as a containment measure, to stop the spreading of file-encrypting ransomware deployed during the attack.
The city said at the time that some of its online services were impacted, but not first responders, which immediately switched to business continuity measures. Payments across several services continue to be down.
This week, Wichita revealed that, between May 3 and 4, the attackers copied certain files from its network and that those files contain personal information.
“These files contained law enforcement incident and traffic information, which include names, Social Security numbers, driver’s license or state identification card numbers, and payment card information,” the city announced.
Wichita also revealed that initial access to its network was obtained through the exploitation of “a recently disclosed vulnerability that affects organizations throughout the world”, without providing specific details on it.
“Our technical teams have been working around the clock to put the mitigation measures in place to resolve the issue. Further, we are coordinating with law enforcement to investigate this matter further,” the city said.
Wichita also said that it has made good progress in recovering the impacted systems, but did not say when it expects to resume full operations. Credit card payments are still not accepted.
“We understand that this matter has been an inconvenience for our residents and customers, and for that we appreciate your patience as we work through this process,” the city noted.
What the city has not disclosed yet is the number of potentially impacted individuals and the name of the ransomware group behind the attack. On May 7, however, the LockBit gang added Wichita to its leak site, threatening to release the stolen information.
Related: Shields Up: How to Minimize Ransomware Exposure
