Notice of Data Security Incident
The Kansas Supreme Court Office of Judicial Administration (“Kansas OJA”) became awareof a data security incident that impacted personal information (“PII”) given to Kansas OJA through litigation in the Kansas appellate courts, applications to the Kansas bar, or other administrative records held by the office. It’s possible your personal information may have been impacted.
We take the privacy and security of information you entrust to us seriously, and we are sorry for any concerns or inconvenience this may cause you. Please review the information below for more information about what happened, and the services being made available to anyone who was impacted.
What happened
On October 12, 2023, we became aware of unauthorized activity on our IT network affecting access to information and services on our network. Upon discovery, we immediately activated our incident response protocols and began investigating what had occurred and who was potentially impacted. The investigation found there had been unauthorized access to portions of the Kansas OJA IT network, and a limited amount of data was taken from those systems. We then hired external cybersecurity experts to determine what information may have been accessed during the unauthorized access and to identify which individuals were impacted.
As part of our investigation, we have implemented numerous new security controls and processes to our IT system security practices. We continue to enhance security controls across our organization to protect our network. We put in place supplemental anti-malware tools, and we will continue to evaluate our security protocols for opportunities to further bolster our network security.
Who was affected
It took time to review information accessed during the cybersecurity incident due to the complexity of the data. The review was completed on March 29, 2024. From this review, it appears that limited information given to Kansas OJA through some litigation in the Kansas appellate courts, certain applications to the Kansas bar, or other administrative records held by the office was taken during the incident. While not every record contained the same information, our review indicates that certain records included names, addresses, dates of birth, Social Security numbers, driver’s license or other state identification card numbers, government identification card numbers, tax identification card numbers, financial account information, payment card information, passport numbers, biometric identifiers, health information, or health insurance policy information.
Notification to affected individuals
Letters have been sent to individuals identified as impacted by this event and for whom we have contact information. The letters contain more information about the incident, and information regarding resources to help. We are offering credit monitoring and identity protection services from IDX, a ZeroFox Company, to impacted individuals at no cost.
No notifications will be made by telephone call, text, or email. Anyone who receives a phone call, text, or email about the cybersecurity incident is advised to end the call or delete the text or email. Phone communication about the cybersecurity incident should be initiated by the individual.
We recommend that individuals remain vigilant for incidents of identity theft or fraud by reviewing bank account and other financial statements, as well as credit reports, for suspicious activity. Incidents of suspected identity theft should be reported to law enforcement or the attorney general. We also encourage individuals to contact IDX with any questions and to take full advantage of the IDX service offering.
For more Information
After 8 p.m. May 6, call 1-888-861-6382 between 8 a.m. and 8 p.m. Central Time, Monday through Friday, to ask if you were impacted by this incident or to get answers to other questions.
We are serious about our responsibility to keep personal information secure. Since the cyberattack, we have strengthened security for our network and information systems for even greater protection. We are sorry for the inconvenience and concern this matter has caused.
|
Related
Kansas Courts Cybersecurity Incident
Kansas Office of Judicial Administration to contact individuals affected by court system cybersecurity incident
Court Systems Security Indient Recovery
|