In early February 2024, the Colorado Department of Public Defenders (OSPD) fell victim to a devastating ransomware attack that caused significant disruption to operations. While the agency is working vigorously to restore its systems, concerns have been raised about the potential for the personal data of individuals involved in legal proceedings to be stolen.
According to an official statement from OSPD, the Colorado public servant cyberattack was first detected around the second week of February. “On or about February 9, 2024, OSPD became aware that certain computer systems were locked by malware,” his official OSPD press statement reads.
OSPD Data Breach Disclosure: Revealing the Scope
In response, OSPD quickly initiated measures to stop the spread of the malware and began efforts to safely recover systems. However, it became clear that during the attack, files containing sensitive personal information may have been compromised.
“Continued evaluation of this issue has revealed that some files were copied without authorization in early February 2024. It may include certificate numbers, other government identification numbers, medical information, “and/or health insurance identification numbers,” an official OSPD press statement said.
Despite continued efforts to restore functionality, OSPD was cautious about disclosing specific details about the attack and the scope of the data breach. OSPD officials confirmed the incident but declined to provide further information about the perpetrator or the method used in the attack.
In a press statement issued on February 11, OSPD officials announced that they had temporarily disabled the computer network as a precautionary measure to prevent further damage. Although necessary for security purposes, this measure created significant disruption to OSPD systems and operations. As a result, OSPD’s ability to provide its usual range of services is limited, although efforts to alleviate these disruptions are ongoing.
Colorado Public Defender Road to Recovery
Updates provided by OSPD indicate that certain features are being restored. As of March 1, all his OSPD staff had email access restored, court offices across the state were back online, and court files were accessible.
Despite these achievements, challenges remain, especially when it comes to digital discovery tools. Disruptions to these tools require manual workarounds and delay file management and case processing. However, OSPD continues to work on resolving these issues and we expect further improvements in the near future.
In subsequent updates on March 11 and March 15, OSPD reiterated its commitment to restoring full functionality to all systems while ensuring operational security.
The agency continues to conduct a thorough investigation into the incident, with a focus on understanding the nature and scope of the cyberattack by the Colorado Public Defender. As part of its response efforts, OSPD is providing online resources to help individuals protect their personal information and stay informed about the situation.
Individuals who may have been affected by the OSPD data breach are encouraged to visit the official website to obtain more information and access available resources. Additionally, OSPD is committed to providing further updates as the incident progresses and additional measures are implemented to prevent future attacks.
The ransomware attack on OSPD serves as a reminder of the growing threat posed by cyberattacks targeting critical infrastructure and public institutions.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for informational purposes only and the user is solely responsible for the reliability of the information. Cyber Express assumes no responsibility for the accuracy of this information or the consequences of its use.
