Cyber Incident Victim: Kansas Judicial Branch
Date:
Oct 2023
Location:
United States of America
Summary
A foreign ransomware attack compromised the Kansas judicial branch, stealing confidential records including case files and administrative data, with threats to leak information on the dark web if demands were unmet. The incident disrupted statewide court operations, forcing reliance on paper records and disabling electronic systems such as case management, public access portals, e-filing, payment processing, and marriage license applications across 104 counties. Recovery efforts involved enhanced security measures and collaboration with cybersecurity experts to assess data exposure, though full restoration of services required extended time. The attackers remained unidentified, but the breach highlighted persistent threats targeting government entities, significantly impairing judicial functions and public access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 12, 2023, the Kansas Supreme Court disclosed a foreign cyberattack targeting the Kansas Office of Judicial Administration, severely disrupting operations across the state’s appellate courts and district courts serving 104 counties. Upon discovering the attack, officials immediately disconnected affected information systems from external access and notified state authorities, including the governor’s office, legislative leadership, and federal law enforcement agencies. The incident was later confirmed by Sedgwick County Judge Philip Journey as a ransomware attack. Hackers exfiltrated Office of Judicial Administration files, district court case records on appeal, and other data, including confidential information protected by law, threatening to leak stolen data on the dark web unless demands were met. The attack incapacitated multiple critical systems, including the e-filing system, protection order portal, district court public access portal, appellate case management system, attorney registry, and Kansas online marriage license application system. By October 15, municipal courts in Topeka closed probation and prosecution divisions to the public, while statewide courts reverted to paper-based operations. The Kansas Supreme Court emphasized collaboration with cybersecurity experts to identify stolen data and assess the scope of compromised personal information, though this review remained incomplete as of the November 22 update.
The prolonged outage forced all affected systems offline for over six weeks, halting electronic filings, payments, and public access to court records. Recovery efforts focused on rebuilding security infrastructure to prevent future attacks, with full restoration of normal operations projected to take several additional weeks from the October 12 disclosure. The Kansas eCourt case management system and payment portal remained nonfunctional during this period. Officials acknowledged the attack’s broader implications, citing FBI data on rising cybercrime targeting local governments and characterizing the incident as an assault on democratic institutions. While no ransomware group claimed responsibility, the Kansas Supreme Court warned that stolen data could expose personal information of Kansans, pledging to notify impacted individuals once forensic analysis concluded. The disruption mirrored ransomware incidents affecting other U.S. state court systems, underscoring operational vulnerabilities in judicial infrastructure.