Jefferson County clerk's offices, Kentucky, hit by ransomware attack
The Jefferson County Clerk's Offices in Louisville, Kentucky, including all motor vehicle branch locations, have been shut down indefinitely due to a "cybersecurity investigation" stemming from a ransomware attack.
The attack began around 2 a.m. local time on July 22, 2024, and led to system outages. Officials confirmed the outages were caused by a ransomware attack, in which malicious software was used to lock the office's files and demand a ransom to unlock them. Details about the ransom demand or the types of files being held hostage have not been disclosed.
Jefferson County claims that no personal information has been leaked as a result of the attack. The office is collaborating with a cybersecurity firm to recover the compromised files.
The cyberattack is not related to a previous CrowdStrike failure that caused office closures in Jefferson County last week, which confused residents seeking to renew vehicle registrations and apply for licenses.
Update: As of 15 August 2024, the Jefferson County Clerk's office in Kentucky has confirmed that the data breach exposed sensitive information, including election-related data and employee files. The breach is attributed to the RansomHub ransomware group. The group has claimed responsibility for exfiltrating 47 GB of data, which may include:
- Election administration data, potentially dating back to 2008
- Ballot data and voter records
- Personnel files
- Social Security numbers
- Financial documents
- Human resources records (including employee reviews and resignation letters)
- Invoices and budget documents
- Alarm system details
As of now, the county clerk’s office is reviewing the leaked files and plans to notify affected individuals within 35 days, aligning with its internal policy.