Month: July 2017

Hackers of Kansas system accessed Social Security numbers of millions in 10 states

by Celia Llopis-Jepsen, Kansas News Service

Hackers who breached a Kansas Department of Commerce data system used by multiple states gained access to more than 5.5 million Social Security Numbers and put the agency on the hook to pay for credit monitoring services for all victims.

The number of SSNs exposed across the 10 states whose data was accessed has not been previously reported. The Kansas News Service, a collaboration of KCUR, Kansas Public Radio, KMUW and High Plains Public Radio, obtained the information through an open records request.

More than half a million of the SSNs were from Kansas, according to the Department of Commerce.

The data is from websites that help connect people to jobs, such as Kansasworks.com, where members of the public seeking employment can post their resumes and search job openings. Kansas was managing data for 16 states at the time of the hack, but not all were affected.

In addition to the 5.5 million personal user accounts that included SSNs, about 805,000 more accounts that did not contain SSNs were also exposed.

America’s Job Link Alliance-TS, the Kansas Department of Commerce division that operates the system, discovered suspicious activity on March 12, isolated it on March 14 and contacted the FBI the next day, according to testimony provided by agency officials to Kansas lawmakers this spring.

AJLA-TS officials also sought help from a third-party IT company specializing in forensic analysis. That analysis helped them verify that the coding error the hackers exploited had been fixed and to identify precisely which user accounts had been breached.

The Kansas News Service filed its open records request on May 24 seeking details about the extent of the breach and contracts related to the state’s response. The Department of Commerce fulfilled the request on July 19.

The documents show that the agency and AJLA-TS contracted with three private companies in the aftermath of the breach:

• Epiq, of Kansas City, Kan., to provide a call center for victims seeking information about the incident and Equifax credit monitoring services.
• Shook, Hardy and Bacon, a Kansas City, Mo. law firm, for “professional investigative, legal and compliance services.”
• SHI, a New Jersey-based IT company, for “rapid deployment” incident response.
The state is paying the law firm $175,000 for services that run through Dec. 31, 2017. The IT contract cost approximately $60,000.
The cost of the Epiq contract isn’t known because the agency redacted pricing information from the documents it released. David Soffer, a spokesperson for the department, said Epiq considers the cost information proprietary.

Testimony to lawmakers indicates AJLA-TS contracted with a fourth company in April, Texas-based Denim Group, to review code and provide feedback for improvements, which has since been implemented. The agency didn’t provide documents related to this contract in fulfilling the open records request.

Kansas will pay for up to a year of credit monitoring services for victims in nine of the 10 affected states. Victims residing in Delaware are eligible for three years of services because of contractual obligations to that state, Soffer said.

Agency officials had not yet responded yesterday to questions about whether insurance will cover some of the state’s costs.

The call center for victims, which can be reached at 844-469-3939, will remain open through the end of this month, Soffer said.

The Department of Commerce said in May that this is the first known breach of AJLA-TS’ databases. AJLA-TS’ response to the hack – providing credit-monitoring services – exceeds what is required by Kansas state law, a department spokeswoman said at the time.

The head of a California-based advocacy group, Privacy Rights Clearinghouse, told The Topeka Capital-Journal in May that one year of credit monitoring is not sufficient protection for victims of the hack, which also exposed names and birth dates, among other personal information.

The Capital-Journal also reported that hundreds of thousands of the Kansas victims may not be aware their accounts were breached.

The Department of Commerce said in May it had sent about 260,000 emails to victims, but added that it did not have email addresses for all users. Kansas law does not require notification to the victims via post or telephone, the department said.

When a recent theft from a Washington State University unit that handles data for state agencies on a contract basis exposed the personal information of 1 million people, the university notified victims by post.

That breach also included SSNs. Like Kansas, Washington State offered victims one year of free credit monitoring.

Celia Llopis-Jepsen is a reporter for the Kansas News Service, a collaboration of KCUR, Kansas Public Radio and KMUW covering health, education and politics. You can reach her on Twitter @Celia_LJ. Kansas News Service stories and photos may be republished at no cost with proper attribution and a link back to kcur.org.

See more at http://kcur.org/post/hackers-kansas-system-accessed-social-security-numbers-millions-10-states.

Dangerous heat continues through Saturday evening

National Weather Service graphic

National Weather Service graphic

An excessive heat warning is in effect today in Wyandotte County, and remains in effect through 8 p.m. Saturday, according to the National Weather Service.

Temperatures may reach 99 today in Wyandotte County, with a heat index of 109, the weather service said.

Conditions are particularly dangerous in urban areas where temperatures may not drop below the lower 80s overnight, according to the weather service.

A cold front will bring relief from the heat by Saturday evening, the weather service said. The highs Sunday through Tuesday will be in the upper 80s.

A few strong storms are possible Saturday evening and overnight, particularly to the north, according to the weather service. Locally heavy rain and strong wind are the main threats.

With the excessive heat warning in effect today, the local cooling centers have opened.

The weather service advises residents to take extra precautions. Those who work or spend time outside should reschedule strenuous activities to early morning or evening, the weather service said. They should wear lightweight and loose-fitting clothing and drink plenty of water. Anyone overcome by heat should be moved to a cool and shaded location. If there are symptoms of heat stroke, residents should call 911. Also, young children and pets should never be left unattended in a vehicle, as the temperature inside heats up quickly.

The weather service also advised to stay in air-conditioning, stay out of the sun and check on relatives and neighbors.

Today, it will be sunny and hot, with a high near 99, the weather service said. The heat index may be as high as 109. There will be a south southwest wind of 6 to 10 mph.

Tonight, the low will be around 79 with a south wind of 6 to 10 mph, according to the weather service.

Saturday, it will be sunny and hot, with a high of 99, the weather service said. The heat index may rise to 107. There will be a west southwest wind of 7 to 10 mph. There is a 20 percent chance of showers and thunderstorms after 1 p.m.

Saturday night, expect a 40 percent chance of showers and thunderstorms, according to the weather service. The low will be around 74, with a west wind of 6 mph becoming light and variable in the evening. Between a quarter and a half-inch of rain is possible.

On Sunday, there is a 20 percent chance of showers and thunderstorms, the weather service said. The high will be near 90 with a light and variable wind becoming west southwest around 5 mph.

Sunday night, it will be partly cloudy with a low of 70, according to the weather service.

Monday, expect sunny skies with a high near 87, the weather service said.

Monday night, it will be mostly clear with a low of 68, according to the weather service.

For more weather information, visit www.weather.gov.

United Way of Wyandotte County announces new president

Todd Jordan

Todd Jordan has been named the president and CEO of the United Way of Wyandotte County.

Jordan, who is currently the director of community impact for the United Way of Wyandotte County, will succeed Wendell Maddox, who is retiring. The United Way board of directors made the announcement.

Jordan has been responsible for monitoring program performance and administering emergency assistance funding for the United Way. He has helped secure grants from local and federal funders, as well as private foundations including the Robert Wood Johnson Foundation.

“I am excited to lead the next evolution of United Way of Wyandotte County as we work to strengthen our collaborative partnerships and increase resources necessary to secure the health, education, and financial stability of Wyandotte County residents. I am thankful to the board of directors for this opportunity and am excited to get to work.” Jordan said in a news release.

Jordan grew up in Lenexa, Kansas and holds a bachelor’s degree in history and political science from the University of Kansas. He completed his doctorate in public affairs at the University of Texas at Dallas where he focused on qualitative and quantitative research in organizational change, public policy and city planning. Prior to joining United Way of Wyandotte County, Jordan worked as a coach for the collegiate debate programs at UTD and the University of Missouri-Kansas City.

United Way of Wyandotte County operates or financially supports 51 nonprofit programs and partners with 38 agencies to provide the three building blocks of a better life: health, education, and income, a spokesman said.

– Story from United Way of Wyandotte County