Cyber Incident Victim: Unified Government of Wyandotte County and Kansas City
Date:
Apr 2022
Location:
United States of America
Summary
A cybersecurity attack targeting the Unified Government of Wyandotte County and Kansas City disrupted multiple services, prompting an ongoing investigation with federal and regional partners including the FBI and Department of Homeland Security. Operational impacts included suspended motor vehicle services, halted court e-filings requiring physical or fax submissions, delayed procurement bids, rescheduled property appraisal appointments, and limited email access across departments. The incident also affected booking confirmations at the Sheriff’s Office and caused general delays in public communications. Restoration efforts were underway, with residents directed to check official channels for service updates while authorities assessed potential data compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Unified Government of Wyandotte County and Kansas City, Kansas, experienced a cybersecurity attack targeting its data centers over a holiday weekend in mid-April 2022, with public confirmation provided on April 19. The incident disrupted multiple critical government services, prompting an immediate response to assess damage and restore operations. Officials engaged federal and regional partners, including the U.S. Department of Homeland Security, the Federal Bureau of Investigation (FBI), and the Mid-America Regional Council cybersecurity task force, to investigate potential data compromise and attack vectors. Service disruptions persisted through at least April 20, with restoration efforts prioritized across departments. The Unified Government maintained public communication through its website (wycokck.org) and 3-1-1 phone services, acknowledging the fluid nature of the situation while withholding technical specifics about the attack methodology or perpetrator identity. No explicit confirmation of data exfiltration or ransomware involvement was disclosed during the initial response phase documented in available updates.
Substantial operational impacts affected citizen-facing services, including the suspension of all motor vehicle transactions mandated by the State of Kansas and the District Court's inability to accept electronic filings, requiring physical submissions or fax transmissions to specific clerks. The Appraiser’s Office rescheduled property valuation appeals, while the District Attorney’s Office reported processing delays and referred inquiries to a designated contact. Procurement divisions experienced bid submission interruptions, and the Sheriff’s Office lost online booking confirmation capabilities. Multiple departments operated without email access, significantly hampering internal and external communications. The Unified Government systematically cataloged affected services in public bulletins, directing citizens to department-specific phone lines for urgent requests. Restoration timelines remained undefined as technicians worked to rebuild compromised systems, with officials emphasizing ongoing damage assessments to determine whether sensitive data was accessed. Continuous collaboration with law enforcement and cybersecurity agencies formed the cornerstone of the containment strategy, though no attribution details or recovery milestones were publicly disclosed in the immediate aftermath.