Cyberattack Shuts Down Village Computers, Staff Told To Keep Secret

SKOKIE, IL — Someone gained unauthorized access to the village of Skokie's computer systems, leading to a network outage that village officials sought to hide from the public, Patch has learned.

In response to the cyberattack, records show village officials spent more than $42,000 on computer hardware and IT consultants in the month following Dec. 18.

That was the day IT Director Tomasz Tarasiuk asked village staff to shut down their computers "until further notice" due to what he described as a "Village-wide network outage."

The following day, Assistant Village Manager Nicholas Wyatt informed employees that "a cybersecurity incident was recently discovered in our network" and village staff had hired "a team of external experts, who are helping us understand the full extent of the situation."

On Dec. 21, Wyatt notified staff that the village was "impacted" by a cyberattack, but officials were unsure whether the employees' sensitive data had been compromised.

"We promptly responded and are investigating the attack to determine the scope and extent of it," Wyatt said. "Unfortunately, we are not in a position to provide more details until that investigation continues further."

Wyatt instructed village staff not to tell the community what was going on.

"If members of the public inquire about this network outage/ staff should provide only the following response. Please refrain from sharing additional details," Wyatt said. "Sharing inaccurate or incomplete information may have serious, unintended consequences. 'The Village is experiencing a network outage impacting some of its computer systems. Staff are working to resolve this issue as quickly as possible. We appreciate your patience.'"

The assistant village manager also pledged to "notify all impacted persons" — if the probe into the breach determines that intruders gained access to employees' personal data.

Wyatt revealed on Jan. 9 that a hacker had stolen data from the village's computers, but he said the investigation had not yet confirmed that any employee data had been misused.

"Unfortunately, the investigation, while ongoing, found that an unauthorized actor acquired certain files and data stored within Skokie's environment," Wyatt said.

He also said the village had hired a "leading cyber forensic investigation firm who assisted in confirming the security of our network environment and conducting an investigation to determine the nature and scope of the incident."

According to heavily redacted invoices obtained by Patch through a public records request, the only companies hired by the village to respond to the outage were Techno Consulting of Oak Park, Cititechs, Inc. and Gregg Communications — none of which could be fairly described as "leading forensic investigation firms." (Following the publication of this article, a village spokesperson said its insurance company covered the cost of "outside expertise and support" from the London-based first CFC.)

Village officials provided all employees with two years of free credit monitoring services.

Last month, a village staffer told Patch they were unable to comply with the Freedom of Information Act due to what they described as a "network outage" with no end in sight.

Current workers and some former employees at Skokie Public Library, whose personal financial information was also handled by the village's network, were informed with a letter sent out the week of Jan. 15, according to communications between Wyatt and Library Director Richard Kong.

Securities and Exchange Commission rules adopted in July 2023 require public companies to disclose cybersecurity breaches within four days.

The disclosure can only be delayed if the U.S. attorney general declares that it would "pose a substantial risk to national security or public safety" and notifies the SEC in writing.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said, announcing the new rules.

In Illinois, the Personal Information Protection Act requires villages to disclose any data breach involving personal information to affected individuals within a reasonable timeframe.

If more than 500 Illinois residents are involved, a village must also notice the Illinois Attorney General's Office. (Patch has requested any notification the village may have provided the attorney general. A village spokesperson declined to answer how many people were affected by the hack.)

Invoices obtained by Patch show the village spent about nearly $1,600 with Gregg Communications, nearly $2,900 with Amazon Business Services, more than $6,000 at Costco, more than $16,157 with Cititechs, Inc., and $16,100 with Techno Consulting after the "incident was discovered in our network."

A village spokesperson said no one paid any ransom to anyone after the breach, but declined to say if it had been the victim of a ransomware attack.

Following the publication of this article, village staff issued a statement announcing that the investigation into the incident remains “ongoing.”

“The village appreciates the public’s patience and understanding," it said, "and will share further updates as more information is available."