Advertisement
Subscribe to our daily newsletter.
Subscribe

Nevada officials confirm data stolen in ransomware attack

Nevada officials said they still don't know what data was compromised, but that at least some data has been exfiltrated.

By

Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
ransomware skull
(Getty Images)

Nevada state officials confirmed Wednesday night that the “security incident” that was detected on Sunday was a ransomware attack, and that while the investigation is still ongoing, it appears the perpetrators stole state data.

During a press conference Wednesday evening, Nevada Chief Information Officer Timothy Galluzi shared more details about the cyberattack. While the forensic investigation is still ongoing, Galluzi shared that it has revealed evidence that some state data has been exfiltrated from the state’s system without authorization. He said it is unclear what type of data was stolen.

“I need to be very clear on the next point. At this stage of our intensive investigation, we cannot yet identify or classify the specific nature of this data. The process of analyzing the information to determine exactly what was taken is complex, methodical and time consuming,” he said. “Speculation on the data that was affected before we have any definitive proof would be irresponsible.”

Galluzi said the state’s data center operations team first detected anomalous activity on its server on Sunday morning, and the state immediately activated its cybersecurity incident response plan. This included, he said, isolating certain systems and taking them offline to prevent further intrusion on the state’s systems. This containment process, Galluzi said, caused several of the state’s web assets to go dark — including the state’s main website, NV.gov, along with many agency sites and online services — which he acknowledged has caused ample problems across the state’s operations.

Advertisement

“Our goal is to restore full functionality as soon as possible, but we have a duty to do so safely and securely,” he said, adding that while several of the assets are still offline, the state must ensure the threat is “eradicated” before bringing them back online.

Galluzi said the state was receiving support from federal cyber partners, and the Cybersecurity and Infrastructure Security Agency confirmed as much, sharing Wednesday it was assisting the state in restoring networks for lifesaving and critical services and helping to rebuild its systems.

As of Thursday, no cyber threat actor had claimed responsibility for the ransomware attack.

“Should we determine that any sensitive personal information of our citizens was compromised, we are prepared to follow the appropriate steps,” Galluzi continued.

Keely Quinlan

Written by Keely Quinlan

Keely Quinlan reports on privacy and digital government for StateScoop. She was an investigative news reporter with Clarksville Now in Tennessee, where she resides, and her coverage included local crimes, courts, public education and public health. Her work has appeared in Teen Vogue, Stereogum and other outlets. She earned her bachelor’s in journalism and master’s in social and cultural analysis from New York University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement
Advertisement

More Scoops

Latest Podcasts

How vague BEAD guidance could lead to broadband disparities

Why is Colorado reviewing its AI Act?

Mapping digital benefits delivery

Inside LA County’s homelessness prevention unit

State

City

Cybersecurity

Modernization