During Wednesday’s press conference, it was confirmed what has been suspected since the cyberattack on state systems occurred over the weekend: that private data had been accessed and stolen by hackers.
However, during that press conference, as well as Thursday’s press conference, staff and the governor refused to answer questions about what information had been stolen and if the private information of citizens was jeopardized.
Lombardo addresses absence
Across the state, feedback was critical about the fact that Governor Joe Lombardo did not attend the press conference that his office called, and so a second press conference was held Wednesday in Las Vegas.
However, there was very little new information provided during the majority of the presser, and in some cases, state leadership who appeared in Carson City the day before read the same statements word-for-word that they had during Wednesday’s conference or on press releases issued.
Lombardo reiterated updates from Wednesday, including the fact that payroll, retirement, and education funding have been distributed. He said certain systems have been prioritized, like systems that law enforcement agents need to access as well as systems for the Nevada Department of Corrections. For example, access has been restored to criminal background checking software.
At the end of his introduction, he responded to the criticism, stating that, “I want everybody to be aware: I am fully engaged, I’ve never lost contact with any of my directors, and […] as constant as 24 hours a day, there have been constant conversations. I have never been unavailable as your governor during this time.”
During the Q&A, Lombardo appeared to become angry after being asked multiple questions about his absence. He said that he had previous commitments, including energy and water needs “in particular jurisdictions,” as well as emergency management at the Cottonwood Fire, and the ribbon cutting of a new Mormon Temple in Elko.
When asked why constituents hadn’t heard from him on Sunday, Monday, or Tuesday either, Lombardo said that he hadn’t been able to give any answers in the beginning while things were still under investigation, before becoming visibly flustered.
“Listen, this press conference is not intended to address my absence,” he said. “I’m here, I’m taking care of business, and it never swayed from my responsibility as your governor. This press conference is to provide the constituents of the state of Nevada, our current situation in the state of resources and to give you a window into when we will have complete resources occurred.”
Claims of transparency seemed to fall flat due to the fact that the presser was only open to the media and was not streamed for the public. However, Lombardo said that Nevadans have “clear, reliable access to information on how to navigate this situation” through the Office of Emergency Operations website, which will be updated regularly.
Data theft questions go unanswered; citizens asked for patience
“We know that some data has been extricated, but we don’t know what that data entails at this point,” Lombardo said. “If … we eventually find out it contains personal identifiers, obviously, we’ll make that public as soon as possible.”
When asked about the data leak, CIO Timothy Galluzi said that it is still under investigation, but “if there is a confirmed leak of personal data,” the state would take the steps to contact those individuals affected.
When asked if there was a security audit of the systems prior to this incident, Galluzi said, “The state’s technology infrastructure remains under a pretty frequent audit from multiple entities pretty regularly. So I would have to answer yes.”
When asked what Lombardo wants to say to constituents who are “scared and worried” about their data being stolen, Lombardo said: “Be patient.”
“Have patience, have patience. We understand their concern, and it’s our first priority to inform people if their information has been compromised. We can’t say that currently. As we work through our third-party vendor to address this particular issue, we can get that information out as soon as possible.”
He said that as soon as they know if personal information was leaked, the public will be informed.
He declined to answer whether or not there was a ransom, or what the motive of the hackers had been.
However, he said that “all [options] are under consideration” relating to whether or not the state would pay a ransom, or refuse and rebuild all of their systems from scratch.
“We are currently evaluating the best path forward,” he said. “As you can imagine, the complicated systems and the amount of data that is within the system take a long time for the merge of that information and the production ability to use that information. So any cyber attack, no matter what the intrusion level is, is a very difficult situation to mitigate, and we’re working through that process.”
Lombardo stated that the state was no longer under attack, but systems remain offline to make sure they’re “safe.” He said there was not a single point of failure across the state, and with some other departments in “silos,” they were not affected by the issue.
Governor tells media: ‘Too much coverage on attackers’
Lombardo opened his remarks with a chastisement of the media, stating: “Over the last several days, too much of the coverage has been focused on the attackers. I assure you the investigation is ongoing and progressing. It’s frustrating, I understand, but a lot of that information is confidential, it’s moving quickly, and we don’t have all the answers associated with it.
“I know it’s important for the public to be aware, but we can’t compromise the investigation as a result of a zest for information. Transparency is present, and I want you comfortable with that. If it is something that would affect the safety of constituents of the state of Nevada, you will know, and I appreciate your cooperation in that effort. What I ask our team to provide you with is information as quickly as possible, but to prioritize accuracy over speed.”
When asked if the reason for the failure was due to an archaic security system, Lombardo said no, and that the state has been updating its security systems, and that he “is confident at where we’re at.”
However, Tim Robb, Homeland Security Advisor to the Governor, stated that they do not know how long the intrusion had been occurring, but it was noticed on Sunday morning, and its origin is still under investigation.
We will continue to update the community as more information comes out about the security breach.
Looking for specific department information?
Visit https://www.oem.nv.gov/recovery/ for a full list of impacted departments and their status.
