Cyber Incident Victim: Regional Justice Information System
Date:
Sep 2023
Location:
United States of America
Summary
A cyberattack targeted the Regional Justice Information System (REJIS), a provider of technological support for criminal justice departments and municipal courts across multiple states. The incident forced the shutdown of computer systems used for court case lookups, issuing charges, and jail booking processes. This disruption resulted in the suspension of municipal court services and required law enforcement and jail officials to revert to manual, paper-based procedures for critical functions like processing arrests and releases.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around September 10, 2023, a cyberattack targeted the Regional Justice Information System (REJIS), a government agency that serves criminal justice departments across Missouri and in Illinois and Kansas. The incident was detected on the afternoon of Monday, September 11, 2023, when REJIS notified its client courts of a security-related incident. This notification prompted St. Louis County to be alerted to the problem that same afternoon. The nature of the attack was not publicly disclosed, but its immediate effect was the compromise of computer systems critical for public safety and judicial functions.
In response to the cyberattack, St. Louis County proactively shut down some of its computer systems that rely on REJIS. These systems were used by police officers, jail officials, the county counselor, municipal court officials, and the prosecuting attorney's office for essential operations. The primary functions impacted included the ability to look up court cases, issue new charges, and process individuals in custody at the county jail. While 911 emergency services remained operational and unaffected, the attack severely disrupted normal procedures at the jail, forcing staff to conduct all bookings and releases using paper-based methods instead of the standard electronic system.
The impact of the incident extended far beyond St. Louis County, affecting municipal courts across the Kansas City metropolitan area that also depend on the REJIS platform. The system provides technological support for municipal court operations, including docket management, scheduling, and other critical functions. Due to the security incident, courts lost all access to information within REJIS. This access failure led to the immediate suspension of many court services. In Kansas City, Missouri, all hearings, with the exception of trials, were continued and rescheduled. All walk-in dockets were canceled. Similarly, the Municipal Court in Kansas City, Kansas, began rescheduling hearings set for September 13th through 15th. Overland Park Municipal Court reported that it could continue to accept payments, though its docket was potentially impacted as well.
The operational response to contain the threat and assess the damage began immediately. REJIS engaged SpearTip, a cybersecurity company, to assist in the investigation. The primary objective of this engagement was to work with the agency to determine if any data had been compromised during the attack. To mitigate the loss of system functionality for law enforcement, the Missouri Highway Patrol provided assistance to St. Louis County. The Patrol aided with running warrants and performing other critical tasks that would normally be handled through the compromised REJIS system.
The consequences of the cyberattack were significant and immediately felt across the criminal justice system. The inability to access electronic records forced a widespread shift to manual, paper-driven processes, which are inherently slower and more prone to error. This disruption caused delays in judicial proceedings, inconveniencing the public and creating a backlog of cases that would need to be addressed once systems were restored. The incident highlighted the critical dependency that multiple government entities and jurisdictions have on the REJIS infrastructure for their daily public safety operations.
On the evening of September 11th, St. Louis County Executive Sam Page addressed the County Council regarding the incident. He publicly stated that the county needed to invest more significantly in cybersecurity, noting that the cost of even a temporary shutdown of county government far exceeds the necessary investment in protective measures. Page revealed that the county had previously hired a cybersecurity expert earlier in the year to conduct an audit of the county's systems. He further announced his intention to formally ask the council later that same week to allocate more money toward strengthening the county's cybersecurity defenses. The disruption caused by the attack on REJIS served as a catalyst for this renewed focus on cybersecurity funding and preparedness.