County Executive Steve Bellone announced that the Suffolk County Clerk’s Office has been deemed clean following a massive cyberattack.
This comes after a preliminary forensic report found hackers gained entry through the county clerk's network, which led to the major ransomware attack in September.
Bellone stated that significant progress has been made to restore the county’s security.
“County IT replaced the clerk’s firewall with the most up-to-date firewall protection with threat protections, which feature improved functionality with real-time centralized monitoring and notification,” he said.
Bellone also said the county can now begin restoring online services, starting with Suffolk's website.
All county services can now be accessed online, including civil service exam applications, paying traffic ticket fees or conducting title searches.
A preliminary forensic report discovered that hackers first gained access to county servers on Dec. 19, 2021 through the clerk’s office by leveraging a vulnerability in their system.
County Executive Steve Bellone said they have since learned that the clerk’s IT environment had significant security issues in every major system, ultimately giving hackers unfettered access to the county’s IT systems.
The cybercriminals obtained passwords and usernames of high-level employees that were kept in public folders on the clerk’s network and used those credentials to move through county systems. The clerk’s firewall was running on an outdated version of software that had “known published vulnerabilities,” Bellone added.
County IT personnel also discovered poor safeguards in place to protect backup data at the Clerk’s Office. Instead of being stored in a secure location, Bellone said some of the clerk’s backup tapes that contain sensitive server data were found in someone’s basement. County officials would not say where they located the tapes.
“I mean, these are actions or failures to act that are far beyond irresponsibility,” Bellone said. “The cybercriminals had more access to the clerk’s network than county IT ever did. Those issues no longer exist in the clerk’s office.”
The clerk’s former IT director, Peter Schlussler, has been on paid administrative leave since December. County officials said he did not implement critical security upgrades, ignored red flags of a cyberthreat and obstructed access to their systems after the Sept. 8 cyberattack, which delayed the restoration and recovery process by weeks.
County IT personnel have had to rebuild the clerk’s systems from scratch. Bellone said county systems are safer than they have ever been, but he admits that he should have followed recommendations from a 2019 assessment that encouraged the county to hire an additional executive-level cybersecurity position for more oversight.
“This county is not going to make that mistake again,” Bellone said. “We’re never going back to a segregated environment in which county IT doesn’t have visibility into critical departmental systems, such as in the Clerk’s Office for instance.”
The cyberattack has cost Suffolk County at least $6.8 million for restoration and recovery. At least 26,000 Social Security numbers were leaked and more than 470,000 driver’s license numbers of people with moving violations over the past decade may have been exposed.
The hack has exacerbated delays in voucher payments to businesses that do work for the county. Individual vouchers are worth anywhere from a few hundred dollars to hundreds of thousands of dollars each. There were still 3,400 vouchers in the queue as of late January, according to the county comptroller’s office.