City of Killeen provides update on cyber security incident

KILLEEN, Texas (Oct. 1, 2024) - The City of Killeen provided an update to citizens and Councilmembers Tuesday, following a cyber security intrusion that occurred on Aug. 7.

Willie Resto, Killeen's Executive Director of Information Technology, reported that a third-party review confirmed that 100% of servers have been restored and no personal data of citizens was compromised. He also confirmed that of the City's nearly 1,200 desktops and laptops, none were infected and no ransom payment was made. Resto confirmed that the City suffered a network outage for about 36 hours.

The background information that Resto reported confirmed that a ransomware operation initially accessed the City's systems in July 2024 through a virtual private network (VPN) account. The ransomware began to encrypt files on Aug. 7.

The IT department immediately activated a trained response plan to mitigate the cyber intrusion, which included proactively disconnecting from key systems like Bell County and Utility Collections / Finance systems. Infected physical and virtual machines were disconnected on the first day of notification and the last, known infection was removed the next day. The department worked diligently on restoring servers through a backup system, as their intended purposed is designed to do.

Resto pointed to Council support, which helped the department and City of Killeen be proactive and remain secure throughout this and any security breach attempt. In recent years, Council approved funding for backup systems and an upgrade of network equipment.

"Council support is what saved us," Resto said. "These backups enabled us to recover without paying a ransom. My job is safeguarding operational systems to ensure ongoing business functions without disruption."

On Aug. 7 while the City worked to fully restore services, Utility Collections residents were able to make payments online only, or use a pay-by-cash, check or money order option in person. In-person and affected services were fully restored by Tuesday, Aug. 13. The Municipal Court and Transfer Station were impacted the next day, but services were restored that same day.

Affected divisions, Utility Collections and the Municipal Court, reported no complaints from citizens during this period. Citizens were appreciative of all the hard work the teams put in to process items manually, as needed.

During his presentation, Resto acknowledged the security risk of answering some inquiries and providing secure information which could open up the City to more security risks.

Resto confirmed that the City spent about $35,000 for a forensic audit and about $2,000 for Transfer Station software repairs, which were able to be paid from budgeted funds.

The City of Killeen's focus is always the safety and security of the Killeen residents. Of the 160,000+ residents, less than 300 were impacted only by having to use manual services due to the cyber intrusion. The City's priority was informing that portion of the public, as the City measured the scope of the situation. If there was ever knowledge that more were impacted, this would guide the City's actions. A best practice in notifying the community in any situation is to identify a definite risk, then assess the potential impact and the length of the impact, which were all evaluated. Once it was discovered that the situation was mostly internal, the City notified those who were affected only within the aforementioned divisions, and only due to having to use manual payment options. Additionally, information was posted on the Utility Collections and Municipal Court webpages immediately. The City thanks the community for their patience as the City received no complaints and an abundance of understanding from the public.

During Tuesday's Council meeting, Resto showed how many cities and companies nationwide were victims of significant cyber security events within the last two months, totaling nearly 40.

The City of Killeen was able to minimize impact, recover quickly and limit issues, as a result of ongoing, consistent and careful planning, preparedness and investment efforts.

The City of Killeen takes this incident very seriously and is committed to safeguarding the information and services relied upon by the community. The City appreciates the patience and understanding of our citizens as we worked through this challenging situation.

Going forward, continued security measures include disconnecting connections to secure systems to protect sensitive data from being compromised, increasing employee education, implementing multi factor identification, having periodic reviews by outside organizations, conducting privacy and security risk assessments, etc.

To view the full video presentation, please visit www.KilleenTexas.gov/CouncilMeetings.

# # #