Ransomware attack on Plainfield Town computer system was avoidable, consultant says
A former consultant for the town of Plainfield, Connecticut says they could have avoided a ransomware attack that targeted the town and police computer systems in March. The cost to rectify the damage caused by the cyber-attack will cost around $350,000.
Trave Harmon, the CEO of Triton Technologies, an IT security company said he inspected the town’s computer systems a few years back and provided a report to the town with recommendations. “I’ve been there at the finance hearings, begging for servers, begging for workstations, begging for more security,” Harmon said.
Last year, he also wrote to First Selectman Kevin Cunningham after President Biden warned about increased cybersecurity attacks on the U.S. Those warnings have only intensified since the Russian invasion of Ukraine.
Harmon said the town’s response was lackluster.
“It didn’t happen,” he said. “And so, it is a systematic collapse of lack of funding, lack of proper security. And just not overall any kind of security policy or methodology.”
As a resident of Plainfield, Harmon said he has made repeated attempts, before and since the cyber-attack, to volunteer his services. He said officials never contacted town residents about the cyber-attack or whether their personal data has been breached.
“Can I say for certain? Absolutely not. Have I been told by people who had it, yes, but the problem is that we don’t have any more details,” Harmon said. “As a citizen my details are in there. I don’t know what they are. Am I expecting a car to suddenly be on my credit report? We’ve got nothing so that becomes a problem.”
WSHU reached out to the town of Plainfield about the attack and Harmon’s comments but has received no reply. Two weeks after the cyber-attack in March, Cunningham, the town’s first selectman, said they were taking all available actions open to them.
“To get cyber ware up and running so we have the firewalls locked off, so we have better support per computer. So, yeah there’s a cost related to that,” Cunningham said. “We’ve never had a full time IT person. We’re talking about doing that. So, we can be a bit more up on the times.”
“It’s not a big town, but it’s a town though that still needs to get with the times, as many towns do.”
In April, Cunningham said they were in negotiations with the bad actors who hijacked their systems after seeking advice from the FBI.
Plainfield has yet to report the cyber-attack or breach of personal data to the state Attorney General’s office, which is required under state law.