Durham officials 'confident no personally identifiable information compromised', including city employee, resident data

Elaina Athans Image
Tuesday, March 10, 2020
Durham officials say no city employee, resident data compromised in malware attack
Officials said while phone lines are still down, the city website and phone app are not affected, and residents can continue to use both safely.

DURHAM, N.C. (WTVD) -- Whether you call the Durham Police Station or the city's fire department, you'll get the same message, a recording that plays, "line has been disconnected." It's the result of widespread hacking.

Durham city and county officials said 80 servers were swiftly taken offline to contain a Ryuk Malware attack late Friday night. The Friday night attack also downed Durham County Government services.

In a news conference Monday, Durham City Manager Thomas Bonfield said no city employee or resident data was compromised.

"Cybersecurity professionals have confirmed and we are highly confident that no personally identifiable information was compromised as a result of this breach."

A representative for the county said they also have no indication that data had been altered.

"We have no indication that any data has been stolen or tampered with," county Chief Information Officer Greg Morrow said. "It's also important for me to say that our data sitting at rest or in transit is encrypted."

SEE MORE | Gov. Cooper urges caution online following Homeland Security warning of possible retaliation

Spokesperson Beverly Thompson says officials are not sure how the attack happened, but are focused on bringing the servers back online while also finding the source of the attack.

"At this time, City IT staff are bringing systems back online while investigating the source of the attack," city officials said. "Critical public safety systems, including 911 and other public safety agencies, are operational and emergency calls are being handled."

The City phone company and a cyber-security company are working to fix the problem.

To help contain the attack, the City has since shut down its phone system which has affected city facilities and services, such as Durham One Call, Durham Parks and Recreation centers, City Hall and many more.

In the meantime, the city's website and app are fully functional, and residents can use the website to pay their water bills and submit service requests.

In a news release, City Hall, all non-emergency City operations, programs and services as well as Durham County Government will open normally on Monday.

Kerry Goode, the director for the city's Technology Solutions Department said they believe an employee clicked on an attachment in an email, which led to the attack.

Durham city officials said they are working with the Department of Public Safety, Emergency Management and the National Guard to fix the issues, which affected about 1,000 computers from the county and city respectively.

Each computer will go through a three-tier security scrub before reuse.

North Carolina State Risk Officer Maria Thompson said malware attacks are often traced back to a phishing attempt.

"We call it the spray and pray that someone will click on it," Maria Thompson said. "The majority of these incidents have been through phishing."

City and county leaders said their employees go through regular training exercises and receive alerts about phishing email scams.

Goode said he expects city systems to be fully recovered in two days. Morrow said it could be a week before county systems are back online.

SEE MORE | Using public USB charging stations could drain your bank account, officials warn