KANSAS CITY, Mo. — In May, the city of Kansas City, Missouri, experienced a “computer outage” that affected several major city operations.
City officials did not publicly describe what happened as a cyberattack, but records the KSHB 41 I-Team obtained show that’s exactly how city employees were privately referring to it.
KSHB 41 submitted a records request about a week after the issues started. We wanted to review all communication between city employees about the outage, starting May 1.
Part of the records we received on July 26 consisted of 381 emails between city employees.
The emails show the city was intentional and cautious about the wording it used with the public.
We are still waiting for more records.
On Saturday, May 4, the city’s general services director, Yolanda McKinzy, first sent out an email to two top city officials and City Manager Brian Platt. She said, “Internet and VPN services will not be available until further notice,” noting she was unsure what was causing the issue.
Tracey Roland, KCMO's IT manager, sent a similar email May 4.
Several emails over the next few days referred to the issue as a "cyber attack," "hacking attack," "IT breach" and "security incident."
Other messages said the city's "network was compromised" and City Hall systems were "compromised by ransomware."
When one city department manager referred to the issue as a "cyber attack" on Wednesday, May 8, another manager responded, "Please make note of the official words to use regarding the cyber issue. We are not using cyber-attack."
On Monday, May 6, an executive assistant sent an email reminding employees of the wording Platt wanted them to use.
"The city manager has asked that we use the following response to any questions regarding the system outage," the employee wrote. "Out of an abundance of caution, the City of Kansas City temporarily shut off some access to the network and some systems while we continue to investigate and ensure there are no issues. Users may experience intermittent outages and we appreciate everyone’s patience."
That is the same statement the media received May 6 from city spokesperson Sherae Honeycutt.
City department directors exchanged emails about which systems were down and told everyone working remotely to come into the office.
Benita Jones, Kansas City Municipal Court's spokesperson, sent an alert on Sunday, May 5, saying the court would be closed on Monday “due to a computer outage.”
Hearings and trials were continued to later dates. The court was closed again on Tuesday, May 7.
City employees couldn’t access their emails, and the city’s website was down.
Residents couldn’t pay their water bills online or over the phone.
Online applications for building permits and zone clearances were inaccessible.
The municipal court reopened on Wednesday, May 8, with limited capabilities. All systems were back up within the next two weeks.
On Tuesday, May 14, the city would not say what caused the issues when KSHB 41 went to City Hall to get answers.
Mayor Quinton Lucas then held a news conference on Wednesday, May 15, confirming "suspicious activity" on the city's IT network. However, he would not call it a cyberattack when asked.
It was also unclear if any data had been accessed or compromised.
Lucas said the city was in communication with multiple law enforcement agencies about the issue. KSHB 41 previously learned the FBI was among those agencies involved.
In the emails KSHB 41 has received thus far, Platt responded one time on May 6, saying, "Thank you," when given an update on the water department.
Now, seeing how city employees were talking about the "computer outage," KSHB 41 wanted to speak with Platt and Lucas.
KSHB 41 reached out to both offices over the weekend and did not hear back when we published this story Monday morning. Usually, city employees do not respond to emails over the weekend.
We also requested a copy of the city’s cybersecurity crisis plan and any insurance policies that cover a cyberattack, but the city denied the request, citing a state statute that allows a governmental body to withhold records that would reveal how its computer systems work or allow unauthorized access or disruption to its computer systems.
—