After suffering a ransomware attack earlier this month, the Indianapolis Housing Agency confirmed taking experts' assistance to discover the source and operators of the attack.
The hackers targeted the internal information and email system of the IHA. The private data of nearly 25,000 IHA residents plus the data from vendors and employees as well as financial transactions shared with the Department of Housing and Urban Development was put at risk.
“When we first learned about the breach, we contacted IHA and made sure they were ramping up and scaling up the technological expertise that they need to protect the data that may be subject to compromise,” Indianapolis Mayor Joe Hogsett stated.
Although the source of this ransomware attack is still under investigation, hackers typically secure access by sending an unsuspecting email. “Phishing attack is when you get an email that looks like it came from a friend or someone trustworthy, but that sender address has been spoofed,” Apu Kapadia, professor of computer sciences at Indiana University’s Luddy School of Informatics, Computing, and Engineering, stated.
Because these attacks could have foreign origins, it is challenging to identify the offenders. Hogsett claims he is preventing similar cyberattacks from affecting other city agencies.
“In the interest of full disclosure, we made sure that the city of Indianapolis was firewalled, appropriately, so that our data would not be breached as the result of an intrusion,” Hogsett said.
To ensure that landlords and vendors receive salaries on time, the officials at IHS are collaborating with its bank and the US Department of Housing and Urban Development.
Over the past few years, IHA is making headlines for the wrong reasons. IHA faced federal financial reviews after a federal whistleblower complained that the agency was operating at the whim of private investors who called their loans or moved to seize control of properties that were underperforming.
Marcia Lewis, IHA’s interim executive director recently extended her temporary one-year tenure while Mayor Hogsett has delayed his search for her permanent replacement even though the agency is selling off its interest in properties or contracting for on-site management.
According to IU Kelley Business School Professor Scott Shackelford, the risk of disclosing the hack is to tip off the hackers that the agency under attack and its clients are aware their data has been compromised while at the same time the victims need to be recommended to take precautionary measures to guard their data.
“As soon as the hack happens, the clock does start ticking and unfortunately that means that folks’ information, their identities, could be compromised almost immediately. First, you can put a fraud alert on your credit report,” advised Shackelford. “This makes it much harder for criminals for example to open up new accounts in your name because there’s going to be a double checking that has to happen before they do that. You could also think about freezing your credit.”
