KNOXVILLE, Tennessee — The city of Knoxville says it has identified and is now notifying everyone whose personal data may have been tapped by hackers in a summer ransomware attack.
"Notification letters are now being mailed out to those affected, in accordance with applicable law," a brief news release from Kristin Farley, communications director, states.
The invaders put some city employee files on what's called the Dark Web. The files included information that's typically public such as pay and job title.
City of Knoxville officials have said they paid no ransom, despite demands. "Threat actors" usually demand money when they remotely crash a computer system and steal files.
Farley also said the city's investigation into the malware attack also is now over. Knoxville hired outside experts and lawyers to help it track and recover after the incident.
Farley, in an email to WBIR, said Knoxville had spent to date $168,691.51 to address the incursion, including fees for expert services.
Within hours of the attack, the city hired a law firm -- Mullen Coughlin of Wayne, Pa. -- and cyber specialists CrowdStrike Services Inc. of California, records show.
Mullen Coughlin was to "investigate, provide legal advice and otherwise assist with response to a potential data security incident," the city contract states. It's been assisting with matters that include public response to the attack.
CrowdStrike was to "assist (the city) with responding to a suspected computer security incident," its agreement states.
Its work was to include using its in-house technical tools to analyze what happened, what was affected, how to combat the attack, and what steps to take going forward.
Attackers broke into the city system early June 11. The city worked this summer to recover.
Among those departments affected was the Knoxville Police Department, which for a time stopped taking some reports from the field by computer.
Governments and agencies hit by malware end up paying thousands and sometimes millions of dollars to recover.
Experts said the attack on Knoxville appeared to be through what's called DoppelPaymer. Knoxville was at least the fourth U.S. city to have its data stolen via DoppelPaymer. Others are Pensacola, Fla., Torrance, Calif., and Florence, Ala.