MOUNT VERNON — A data breach in the early morning hours of Dec. 19 affected several city departments, including the Mount Vernon Municipal Court, police department, auditor’s office, and public works.
Dynamic Networks, the city’s IT provider, alerted city officials that morning. The breach occurred at about 3 am.
According to a press release issued by the city Tuesday, “the breach occurred through a remote access tool utilized by the city’s IT provider, which also affected other clients of that provider. The intruder installed ransomware known as Lockbit, requesting a ransom for access to certain files.”
Safety-service Director Richard Dzik told Knox Pages it’s unclear if a file affected on Dec. 15 is related to the breach.
“We filed a claim with our insurance provider, who referred us to a law firm to help determine what actions the city needs to take,” he said.
“Our insurance provider also referred us to a cyber security firm to do an audit of the system and to figure out what relationship, if any, there is between the file on the 15th or whether it was inadvertently deleted,” he added.
The auditor’s office had to stop processing purchase orders for several days as a result of the breach. One computer in each of the streets and cemetery departments was affected, but work did not stop because staff had access to another computer.
Because of the police department’s connection with the county via 911 operations, county officials became involved. Some of the reporting and dispatching software the city uses resides on county software.
Knox County IT Director Kyle Webb said the initial information the morning of Dec. 19 was that it was municipal court that was affected.
“As we talked with the city, we found out later that afternoon that the police department was affected. That’s when we decided to shut down the connection,” he said.
Both Dzik and Webb said police officers could do things via the computers in their cruisers, but shutting down the connection affected administrative work in the office.
County IT set up several computer stations at the Knox County Sheriff’s Office so the police department could utilize the software. City officers continue to utilize the KCSO stations.
“Until it can be proven 100% that the problem has been resolved and will not happen again, we are going to leave that connection off,” Webb said.
County Administrator Jason Booth noted that although the breach might have been minimal, in the interests of safety, county officials did not want to take a chance.
“I thought it was a very conservative approach,” he said of shutting down the IT connection between the county and city. “As we went to do our insurance renewal this year, cyber insurance is getting difficult to get because of the volatility of cyber attacks.”
Webb said the county is putting in other software to get city police reconnected. He also said he wants a full written report about how the breach happened and how it will be prevented from happening again.
Dzik said the city wiped the computers clean and restored the information via backup data. The auditor and public works departments are back to normal operations.
Municipal court staff is “taking a cautious approach” and doing abbreviated data entry on traffic citations until it is 100% certain information is safe. No Social Security or drivers’ license numbers are being entered.
According to the release, “the city does not believe that any documents with personal identifiable information (PII) have been removed or accessed from city systems.
“The city will continue to update the public regarding this situation as new information is received and, if necessary, perform the required notifications if any person’s personal information has been accessed.”
“If we need to notify people affected or offer credit monitoring services, we have insurance to cover those services,” Dzik said.
