INDIANAPOLIS — Almost 24 hours after FOX59 News exclusively reported that the Indianapolis Housing Agency was the target of a ransomware attack, Indianapolis city employees have finally been told of the hack and advised to maintain email security vigilance.
IHA officials admit that as early as Monday of this past week their system was hacked by unknown actors in pursuit of potential personal information of 25,000 Marion County residents, vendors who do business with the agency and financial transactions between IHA and the Department of Housing and Urban Development.
A statement released by attorneys representing IHA Thursday night gave no indication of knowledge of the hacker’s identity or demands.
Today at 12:39 p.m., the City’s Information Services Agency issued the following statement to municipal employees:
Recently, the Indianapolis Housing Agency (IHA) became a victim of a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt organizations by locking down the organization’s computers and IT systems in exchange for the payment of a ransom. The data maintained by IHA, including personal information of residents and employees, as well as vendors, is potentially at risk.
The IHA network is isolated from the City-County network, so there is no immediate threat to City-County or constituent data as a result of this incident.
ISA has implemented several protocols to maintain, and improve, the safety of our computing environment. Earlier this year, ISA introduced security awareness training which is required annually for staff. As additional protection, we are installing an encryption tool on the hard drives of all City-County computers to protect network data from unauthorized access if the equipment is lost or stolen. Learn more about ISA security enhancements.
SA encourages all staff to continue to report emails that you believe might be suspicious, either by using the Outlook PhishAlarm reporting tool or by calling the ISA Service Desk at 317-327-3075.
Professor Scott Shackelford of the Kelley School of Business at Indiana University said the costs of recovering stolen information or repairing a system after a cyberattack can run into seven figures.
”The average cost following a cyberattack is around $4.4 million at this point.”