A spokesman for the Missouri Department of Conservation said cybersecurity teams continue to investigate “suspicious activity” on one of its data servers after announcing the attack on Friday.
The department has activated its Incident Response Team and “as it learns more, including if any individual data has been compromised, MDC will communicate directly with the impacted stakeholders,” the agency said in a statement.
On Monday, an informal review of the agency website found many of the pages working without obvious glitches.
“Our third-party cybersecurity team continues its work to gain additional insight into the scope of the suspicious activity,” agency spokesman Joe Jerek said in an email Monday.
The 1,790-employee agency with a budget of more than $214 million issues permits for hunting, fishing and manages nearly 1 million acres of public land with more than 1,000 conservation areas.
Activities regulated by the department are big business in Missouri.
According to the agency, fish and wildlife recreation and the forest products industry generate more than $19 billion annually in economic impact and support over 85,000 jobs.
The cyber event comes after a 2022 audit of the agency found the department did not always remove accounts of terminated users. The report also found the department did not consistently enforce a network security system requirement that users’ account passwords be changed periodically.
In addition, the survey conducted by former Auditor Nicole Galloway found MDC did not proactively monitor for user accounts that have not been accessed or used for a specified period of time and does not have a policy requiring such review.
The department said at the time it was working to comply with the recommendations. Jerek did not immediately respond to a request for the status of those upgrades.
Current Auditor Scott Fitzpatrick announced last year he is conducting a new audit of MDC.
The state’s response also comes as Gov. Mike Kehoe has not filled any positions on the 13-member Missouri Cybersecurity Commission.
The commission was formed in 2021 as part of an effort to identify risks and vulnerabilities facing state government in regard to computer hacking and other online attacks from within or outside the U.S.
Last year, Missouri dealt with a major computer outage linked to an outside vendor. In July, Missourians seeking to renew driver licenses and access food benefits were among those facing delays after cybersecurity giant CrowdStrike experienced a major disruption.
In December, an event led Rhode Island to take down an online portal used by residents to obtain welfare benefits and health insurance, saying the event may have compromised the personal information of thousands of people.
Hackers on Feb. 3 attacked the Post-Dispatch’s parent company, Lee Enterprises, encrypting “critical applications” and stealing data.
©2025 the St. Louis Post-Dispatch, Distributed by Tribune Content Agency, LLC.
