Jersey City utilities agency investigating ransomware attack that blocked access to ‘vital’ data - nj.com
Jersey City utilities agency investigating ransomware attack that blocked access to ‘vital’ data
Updated Dec 11, 2020; Posted Dec 11, 2020
Jersey City Municipal Utilities Authority
The Jersey City Municipal Utilities Authority at 555 Route 440, Friday, Dec. 11, 2020.Reena Rose Sibayan | The Jersey Journal
Facebook Share
Twitter Share
By Peter D’Auria | The Jersey Journal
The Jersey City Municipal Utilities Authority has hired a law firm to investigate a cyberattack that blocked access to “vital” water and sewer service information and led to an “emergency condition.”
The ransomware attack, which occurred “on or about” Sept. 30, caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” according to a resolution approved in October.
Ransomware attacks are a type of cyberattack in which hackers prevent administrators from accessing data until a ransom is paid. It’s unclear exactly what data the hackers targeted or how long JCMUA officials lost access to that data. But the authority ultimately determined the incident threatened the “health, safety, and welfare of the citizens of Jersey City,” the resolution states.
It’s unclear who was responsible for the attack or if JCMUA officials paid a ransom. But at the agency’s Board of Commissioners meeting on Oct. 22, the board approved an emergency contract with Mullen Coughlin, a Pennsylvania law firm specializing in cybersecurity, to conduct an investigation of the incident. Officials expect the cost of the contract, which will not exceed $25,000, to be covered by the New Jersey Utility Authorities Joint Insurance Fund.
Representatives at Mullen Coughlin declined to comment. JCMUA director Jose Cunha said in an email that the investigation is ongoing but did not reply to emailed questions.
The chairwoman of the agency’s Board of Commissioners also declined to comment.
Minutes from the Oct. 22 public meeting were not available on the JCMUA website. The Jersey Journal obtained the resolution through an Open Public Records Act request.
The cyberattack occurred less than two weeks after Jersey City Mayor Fulop wrote an op-ed for NorthJersey.com titled, “Jersey City is a leader on municipal cybersecurity. Here’s why” in which he touted the city’s “significant financial commitment to build the most sophisticated cyber defenses.”
Jersey City spokeswoman Kim Wallace-Scalcione noted that the JCMUA is an autonomous agency with a separate computer system from the city government. While it operates outside the purview of City Hall, JCMUA commissioners are appointed by the mayor.
“On the city side, the Fulop Administration has invested significant dollars to protect the residents of Jersey City with some of the most advanced cyber security in a municipal government and we have offered the leadership of the MUA help where they need us at this point.”
Updated Dec 11, 2020; Posted Dec 11, 2020
Jersey City Municipal Utilities Authority
The Jersey City Municipal Utilities Authority at 555 Route 440, Friday, Dec. 11, 2020.Reena Rose Sibayan | The Jersey Journal
Facebook Share
Twitter Share
By Peter D’Auria | The Jersey Journal
The Jersey City Municipal Utilities Authority has hired a law firm to investigate a cyberattack that blocked access to “vital” water and sewer service information and led to an “emergency condition.”
The ransomware attack, which occurred “on or about” Sept. 30, caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” according to a resolution approved in October.
Ransomware attacks are a type of cyberattack in which hackers prevent administrators from accessing data until a ransom is paid. It’s unclear exactly what data the hackers targeted or how long JCMUA officials lost access to that data. But the authority ultimately determined the incident threatened the “health, safety, and welfare of the citizens of Jersey City,” the resolution states.
It’s unclear who was responsible for the attack or if JCMUA officials paid a ransom. But at the agency’s Board of Commissioners meeting on Oct. 22, the board approved an emergency contract with Mullen Coughlin, a Pennsylvania law firm specializing in cybersecurity, to conduct an investigation of the incident. Officials expect the cost of the contract, which will not exceed $25,000, to be covered by the New Jersey Utility Authorities Joint Insurance Fund.
Representatives at Mullen Coughlin declined to comment. JCMUA director Jose Cunha said in an email that the investigation is ongoing but did not reply to emailed questions.
The chairwoman of the agency’s Board of Commissioners also declined to comment.
Minutes from the Oct. 22 public meeting were not available on the JCMUA website. The Jersey Journal obtained the resolution through an Open Public Records Act request.
The cyberattack occurred less than two weeks after Jersey City Mayor Fulop wrote an op-ed for NorthJersey.com titled, “Jersey City is a leader on municipal cybersecurity. Here’s why” in which he touted the city’s “significant financial commitment to build the most sophisticated cyber defenses.”
Jersey City spokeswoman Kim Wallace-Scalcione noted that the JCMUA is an autonomous agency with a separate computer system from the city government. While it operates outside the purview of City Hall, JCMUA commissioners are appointed by the mayor.
“On the city side, the Fulop Administration has invested significant dollars to protect the residents of Jersey City with some of the most advanced cyber security in a municipal government and we have offered the leadership of the MUA help where they need us at this point.”
