Kansas Courts data breach affected 150,000, office says

TOPEKA—The Kansas Office of Judicial Administration said today it contacted some 150,000 people whose data was accessed during the October 2023 data breach that shut down the state court system in all but one Kansas county until January of this year.

Chief Justice Marla Luckert issued an apology on behalf of Kansas Supreme Court to those involved.

“We’re sorry anyone was personally impacted by the actions of the criminals who attacked our court computer systems,” Luckert said in a statement from the judicial administration office. “The judicial branch respects the privacy of information given to us, and it’s a high priority throughout the court system to keep that information secure.” 

Luckert added that since the incident, the Office of Judicial Administration has put additional security controls in place and will continue to enhance its security controls in the future to reduce the possibility of future cybersecurity incidents. 

Kansas Supreme Court Chief Justice Marla Luckert/Associated Press Photo

The cyber attack shut down the entire state court records system except for Johnson County, which runs independently on its own system. The breach halted the system by which court staff, lawyers and prosecutors file and monitor their cases electronically, and also the online payment system used by those paying fees and fines. Public access, used by crime victims, media and others who follow court cases, was also offline for months. Court staff had to go back to a hard copy paper system in the interim.

As soon as the Office of Judicial Administration discovered unauthorized activity on its network, officials said the took immediate action to protect the network, secure information, and start investigating what happened and what was affected. The office also started working with cybersecurity experts to conduct a forensic investigation. It was through this investigation that a determination was made there had been unauthorized access to files stored on the Office of Judicial Administration network. It also determined some files were exfiltrated – accessed and copied – which cybersecurity experts reviewed for personal information.

Through an extensive examination of the files accessed during the cybersecurity incident, cybersecurity experts and the Office of Judicial Administration verified some files contained personal information. That examination was complete as of April 23, 2024. 

“We store information on our networks in various formats, and some files are complex, which lengthened the time it took to determine which files included personal information,” Luckert said. “We believed it was worth the extra effort and prevention of needless worry to clarify who was affected and who was not.”

The press release said the extensive investigation reduced the potential number of people impacted from a population that could have included anyone who ever interacted with Kansas courts to about 150,000. 

Personal information directly involved came from files given to the state courts office through litigation in the Kansas appellate courts, applications to the Kansas bar, or other administrative records held by the office, and could have included names, addresses, dates of birth, Social Security numbers, driver’s license or other state identification card numbers, government identification card numbers, tax identification card numbers, financial account information, payment card information, passport numbers, biometric identifiers, health information, or health insurance policy information.

Notification to affected individuals was made by letter if address information was available. If address information was not identifiable, notification was made by media publication, on the judicial branch website, and notice to media where appropriate. 

Notification letters to individuals include recommended steps they can take to monitor and protect their personal information. These notifications also offer credit monitoring and identity restoration services at no cost to the affected individuals.

No notifications will be made by telephone, text, or email. If someone receives a phone call, text, or email about the cybersecurity incident, they are advised to end the call or delete the text or email. Phone communication about the cybersecurity incident should be initiated by the individual. 

An informational webpage on the Kansas judicial branch website answers common questions affected individuals might have about the cybersecurity incident and their personal information. It includes a phone number people can call if they have questions. 

Impacted individuals who have questions can call 1-888-861-6382 between 8 a.m. and 8 p.m. Central Time, Monday through Friday, excluding holidays. 

Dane Hicks is a graduate of the University of Missouri School of Journalism and the United States Marine Corps Officer Candidate School at Quantico, VA. He is the author of novels "The Skinning Tree" and "A Whisper For Help." As publisher of the Anderson County Review in Garnett, KS., he is a recipient of the Kansas Press Association's Boyd Community Service Award as well as more than 60 awards for excellence in news, editorial and photography.

Get content delivered to your inbox. It's never been easier to stay INFORMED!