Wayne County Investigates Cyberattack with Legal Help
Wayne County is set to allocate up to $250,000 for a law firm to investigate potential leaks resulting from a major cyberattack. This incident, which occurred in October 2024, significantly impacted the sheriff’s office and rendered the county’s website inoperable for several days.
Background on the Cyberattack
The FBI is currently probing the circumstances surrounding this cyberattack, but specific details regarding its origins have not been disclosed by the county. This incident disrupted operations in Michigan’s most populous county, particularly affecting the 2,280-bed jail, which lost access to its essential jail management information system during this critical period.
County Officials Respond
County spokesperson Doda Lulgjuraj, along with Mara MacDonald, the spokeswoman for the Wayne County Sheriff’s Office, have assured the public that there are no ongoing issues related to the attack. Despite this, Wayne County has made the decision to engage the services of Clark Hill, a prominent law firm based in Detroit. Their role will be to thoroughly examine any data that may have been compromised and to monitor if any of this information has surfaced on the dark web. Lulgjuraj emphasized that this step is also crucial for ensuring compliance with privacy laws and regulations.
Financial Commitment and Contract Details
Initially, Clark Hill was contracted in March for a budget of $35,000 for their work. However, as the situation escalated, the Wayne County Commission approved an expanded contract in May, increasing the budget to $250,000. This decision reflects the seriousness with which county officials are treating the matter.
Data Recovery Efforts
Following the attack, the county’s Department of Information Technology managed to back up files as late as September 24, 2024. This proactive measure helped minimize data loss, restricting it to just over a week’s worth of information according to a commission report. Additionally, the county has moved files from its previous server to a more secure Microsoft SharePoint system as part of a strategic upgrade aimed at enhancing security infrastructure.
Incident Response Team Engagement
Clark Hill’s involvement was initiated by the county’s incident response team and its insurance carrier, underscoring the collaborative effort needed to navigate the aftermath of the cyberattack. Interestingly, despite the significant nature of the situation, there was no discussion regarding this contract during the commission meeting held on June 5, where the approval of the contract was unanimous.
Impact on Operations
The cyberattack occurred just weeks after the county had celebrated the opening of its new criminal justice center in Detroit, which had taken around ten years to complete. The attack notably hindered staff from accessing the electronic jail management system—a vital tool that integrates various essential functions at the jail, including booking information, communication services, and medical records. Steve Yatooma, the director of technology at the sheriff’s office, previously mentioned the challenges posed by the attack to The Detroit News, emphasizing the comprehensive nature of the disruption.
Conclusion
As Wayne County forges ahead with its investigation into the cyberattack, the collaboration between county officials and Clark Hill aims to uncover the extent of the data breach, ensure compliance with legal standards, and ultimately strengthen the county’s cybersecurity framework. The response reflects a determined commitment to safeguard sensitive information and protect the operations of the county’s critical services.
