The Kansas court system needs at least $2.6 million in additional funds to recover from an October cyberattack that prevented the electronic filing of documents and blocked online access to records for weeks, the state’s top judicial official told legislators Tuesday.
State Supreme Court Chief Justice Marla Luckert included the figure in a written statement ahead of her testimony before a joint meeting of the Kansas House and Senate Judiciary committees. The Republican-controlled Legislature must approve the funding, and Democratic Gov. Laura Kelly also must sign off.
Luckert’s written statement said the courts needed the money not only to cover the costs of bringing multiple computer systems back online but to pay vendors, improve cybersecurity and hire three additional cybersecurity officials. She also said the price tag could rise.
“This amount does not include several things: recovery costs we will incur but cannot yet estimate; notification costs that will be expended to notify individuals if their personal identifiable information has been compromised; and any services, like credit-monitoring, that the branch may decide to provide for the victims,” Luckert’s statement said.
The attack occurred Oct. 12. Judicial branch officials have blamed a ransomware group based in Russia, saying it stole data and threatened to post it on a dark website if its demands were not met.
Judicial branch officials have not spelled out the attackers’ demands. However, they confirmed earlier this month that no ransom was paid after responding to an Associated Press request for invoices since Oct. 12, which showed as much.
Luckert said little about the costs of the cyberattack during Tuesday’s joint committee meeting and did not mention the $2.6 million figure. She and other judicial branch officials also met with the House committee in private for about 15 minutes to discuss more sensitive security issues.
“The forensic investigation is ongoing,” she said during her public testimony to both committees.
Luckert said courts’ costs include buying a new firewall as well as software and hardware. She said the court included the three new cybersecurity jobs in its proposed budget for the fiscal year that begins July 1 but now wants to be able to hire them in April, May or June.
State Rep. Stephen Owens, a Republican from rural central Kansas who serves on both the House judiciary and budget committees, said the courts are asking for “an awful lot of money” because of the cyberattack.
“That being said, I also think that we have to prioritize cybersecurity,” he said after Tuesday’s meeting. “We have to prioritize safeguarding of the information that we store on behalf of Kansans.”
Separately, Kelly is seeking $1.5 million to staff an around-the-clock, 12-person cybersecurity operations center, hire an official to oversee the state’s strategy for protecting data and hire someone to create a statewide data privacy program.