IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Damage from Albany, N.Y., Cyberattack Dates Back to 2017

Damage from the 2019 ransomware attack on the city police department internal affairs computer system stretches back to files as early as September 2017, according to the district attorney’s office.

a hacker at a computer with lines of code in the foreground
(TNS) — The damage from the 2019 ransomware attack on the city police department internal affairs computer system went further back than previously revealed.

The district attorney's office said it recently found out the damage from the March 30, 2019 attack went back to September 2017. In a February letter, District Attorney David Soares' office modified its previous statement, saying only that digital data had been lost, rather than actual files.
"We were originally informed by the police department that the data loss included all of 2018," Soares' office said, according to a letter obtained by the Times Union. "On February 12, we received written clarification from the administrator of the network that the data loss was from September 12, 2017 to April 2, 2019."
Previously, in a January letter to some defense attorneys, the district attorney's office said all files for 2018 had been lost. The city emphasized that the attack did not damage any internal affairs files. Instead, the attack hit part of the indexing system of city police department's internal affairs case management program, called IAPro.
The system is part of the department's Personnel Early Warning System, which is used to identify and intervene when officers are demonstrating symptoms of job stress or other problems that are affecting their job performance.
In a statement last week, city spokesman David Galin said that index has been rebuilt.
"As has been communicated to the District Attorney's Office, a portion of the Internal Affairs indexing system (IAPro) was not recoverable due to the ransomware attack. The IAPro system manages data entry and serves as an index for the physical files which have and continue to be safely secure. As of February 25, the portion of the indexing system that was impacted by the ransomware attack has been fully rebuilt through manual re-entry of the information contained in the physical case files."
The city's statement did not explain why it took nearly two years to rebuild that portion of the indexing system. Police department spokesman Steve Smith said the department was only recently able to find a vendor to work with on the system.
But the city's assertion that no files were damaged or deleted was contradicted by a city-hired attorney in a federal civil rights case last week. Stephen Rehfuss, a former member of the city's corporation counsel, said a use-of-force incident report was no longer available due to the ransomware attack. Rehfuss is defending the city against a lawsuit filed by Ellazar Williams, who was shot in the back by a city detective in August 2018.
The city did not provide a clarification on what Rehfuss meant by deadline Monday.
Both the police department and the district attorney's office said last week no criminal cases were in jeopardy.
"All Albany Police Department Internal Affairs files have existed, and continue to exist, in their entirety and continue to be available for physical review by the Albany County District Attorney's Office, as is required of the DA per Judge Carter's ruling," Galin said in his statement.
"No cases have had negative sanctions at this time due to this issue. We will continue to work to be in full compliance and certify in good faith for all cases that we are able to," said Cecilia Walsh, a spokeswoman for the district attorney's office.
The district attorney's office asked for every department in the county to turn over portions of their officer's personnel files that might contain "impeachable" material after a November 2020 ruling in an Albany homicide case. That includes discipline, citizen complaints, allegations of misconduct and more.
In that ruling Albany County Judge William Carter said that the district attorney's office had to provide information on police officers who might be possible prosecution witnesses that was unrelated to the current case. Carter also said Soares' office's use of asking police to essentially self-report "impeachable" information was not in line with the intent of the state's discovery laws.
Soares' office has said they disagreed with the ruling, pointing to the fact that other judges across the state were not putting the same burden on other prosecutors.
The district attorney's office has been building its own database of police personnel files in order to comply with decision. The full impact of the ransomware attack on the city, how exactly how hackers gained access, has never been fully explained. The city said it did not end up having to pay the ransom because critical servers, such as human resources and treasury, were backed up. As of last month, the FBI said its investigation into who was responsible for the attack was ongoing.
The city paid out roughly $300,000 to recover from the ransomware attack. That cost covered destroyed servers, upgrading user security software, purchasing firewall insurance and other improvements to firm up the city's systems following the attack.
©2021 the Times Union, Distributed by Tribune Content Agency, LLC.