The website, known as the ESS Portal, allows state workers to report time off and manage their health savings accounts, retirement information and deferred compensation accounts.
Those affected range from Missouri Highway Patrol troopers to social service workers and legislative staffers. The outage came as state workers were juggling end-of-year financial tasks, like managing their health savings accounts or taking holiday time off.
Gov. Mike Kehoe’s administration, however, is not saying the system was hacked, in response to an inquiry from the Post-Dispatch.
“I would not characterize it the way you’ve put it,” Office of Administration spokesman Shayne Martin said Wednesday.
In an email, Martin said the administration was alerted by a third-party vendor to “suspicious activity” within a limited number of deferred compensation user accounts, which officials believe were accessed via the ESS Portal.
Deferred compensation plans allow employees to delay receiving part of their pay until a future date, usually retirement.
In response, the office’s information technology division “took immediate action to secure our systems by placing the ESS Portal into maintenance.”
“Our fraud protection systems successfully blocked all unauthorized transactions,” Martin said. “(O)ur priority is ensuring that employees have uninterrupted and confidential access to their personal information.”
A notice on the portal said Thursday the site is undergoing maintenance. Workers can still access their information by clicking directly on the links to the information they are seeking.
The difference is that employees must log in separately to each site they are visiting.
“We recognize that this service interruption is an inconvenience and while we work on a resolution, you may access several services via the direct links below,” the announcement notes. “Please be prepared to log into each site individually as you navigate between them.”
The suspicious activity comes as Kehoe has followed the lead of his predecessor, Republican Mike Parson, in failing to appoint any members to a commission designed to protect Missourians from cyber attacks.
Although the Missouri Cybersecurity Commission was put into law in 2021, neither Parson nor Kehoe has named any of the eight members to the panel, despite an ongoing threat of online attacks.
The commission was formed as part of an effort to identify risks and vulnerabilities facing state government in regard to computer hacking and other online attacks.
The panel is supposed to meet at least quarterly and make recommendations to the governor to reduce the state’s risk of cyber attack and to identify best practices for the state to work offensively against cyber threats.
The commission also is supposed to prepare an annual report to the governor outlining possible vulnerabilities.
The latest intrusion is among a handful of major computer outages Missouri has dealt with in recent years.
In March, the Missouri Department of Conservation reported a hack that shut down its systems, which issues permits for hunting, fishing and manages nearly 1 million acres of public land with more than 1,000 conservation areas.
In July 2024, Missourians seeking to renew driver licenses and access food benefits faced delays after cybersecurity giant CrowdStrike experienced a major disruption.
Many of the state’s driver license facilities closed their doors for the day after determining they’d been affected.
At the Missouri Department of Health and Senior Services, a supplemental food program for women, infants and children — known as WIC — also was temporarily shut down during the Crowdstrike incident.
©2026 the St. Louis Post-Dispatch, Distributed by Tribune Content Agency, LLC.
