Cyber Incident Victim: Kansas City, Missouri
Date:
May 2024
Location:
United States of America
Summary
Kansas City experienced a cyber incident leading to the shutdown of its website and online services, including municipal court operations, council meetings, and utility payment systems, as a precaution during an investigation. Critical services like 311 reporting and KC Water payments were disrupted, forcing residents to use phone or in-person alternatives; while some functions were partially restored, payment processing remained offline. The city acknowledged technical difficulties impacting multiple departments but provided no details on the cause, amid a regional pattern of similar cyberattacks affecting local government systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 5, 2024, Kansas City, Missouri, experienced a widespread disruption to its online services after officials took municipal systems offline over the preceding weekend. The outage impacted KCMO.gov, the primary city website, along with the 311 action center portal used for reporting issues like potholes, illegal dumping, rental housing problems, and health code violations. Municipal Court operations were suspended, forcing closures from the start of the week and canceling all scheduled city council meetings on May 7. KC Water’s phone and online payment systems became unavailable due to technical difficulties, though its website remained accessible for informational purposes. The city clerk’s website, which hosts council meeting agendas and schedules, and the permitting platform were also rendered inoperable. Residents attempting to pay water bills or resolve urgent sewage matters were directed to in-person payments at the Water Services Department office on East 63rd Street, with KC Water offering a grace period for late payments. The myKCMO mobile app remained functional for submitting 311 tickets, and phone-based reporting via 816-513-1313 was available as an alternative.
City spokesperson Sherae Honeycutt confirmed the disruptions resulted from a proactive shutdown of network access "out of an abundance of caution" while investigations continued, though officials declined to specify whether a cyberattack occurred. By May 8, limited services resumed: Municipal Court reopened but could not process bonds or payments, the myKCMO app restored ticket submission capabilities for 311 requests, and community centers returned to normal operations. Kansas City’s incident coincided with a confirmed ransomware attack against Wichita’s city website that same weekend, which involved encryption malware. This outage followed multiple regional cybersecurity incidents, including a March 2024 ransomware attack on Jackson County attributed to a Russian hacker group via phishing, which disrupted tax payments, marriage licenses, and inmate searches. Additional disruptions affected the KC Scout traffic management system in April 2024—with cameras, message boards, and websites still offline—and separate cyberattacks targeted the Kansas City Area Transportation Authority and Kansas state courts, the latter exposing personal data of 150,000 individuals. Kansas City provided no estimated restoration timeline for remaining offline systems, citing ongoing investigative and remediation efforts.