Work continues on plugging up the remaining leaks in the city of Pensacola’s computer system, one month after being hit with ransomware.
Mayor Grover Robinson, at his first news conference for 2020, said moving forward is the prudent thing to do.
“We’ve see nothing that has been, I guess, internally problematic or personal in nature for employees, pensioners, customers or people that we’re dealing with in housing,” said Robinson. “At the same time we just thought it was the right thing to do to protect people.”
Joining the mayor at the podium was the city’s public information officer. Kaycee Lagarde said letters would be going out by the end of this week to customers, pensioners and others doing business with the city who were affected by the cyberattack.
“It’s just under 57,000 letters; I think we initially sent out around 60,000,” Lagarde said. “And they’ll be offered that LifeLock protective services for one year.”
To that end, the city may be contracting out some of that work to LifeLock. Mayor Grover Robinson offered a clarification on just what is being offered for free, and actions regarding contracts and services.
“We did meet with UWF; they were very helpful,” said the Mayor. “One of the things they told us to do is, ‘you need to have your system audited to know where your problems are and what’s going on.’ The first thing we said is, ‘well, we’d like to hire you guys to do that,’ and they said ‘we don’t compete [with] the private sector.’”
That’s when Deloitte and Touche were brought in -- not just to discuss what happened, but to prevent it from happening again.
“This is a little more in-depth; it’s really kind of looking at us internally in making suggestions to us,” Robinson said. “We’re already in the process of looking at some of those things with technology. I know over the next couple of weeks in looking at what some of the changes are, what do we do, [and] what are the recommendations that come out of this for dealing with our technology.”
Those on the city’s IT staff came in for praise from the mayor for their work in getting the system back to normal. But Robinson added that there are some things that need to be re-addressed.
“The backup we had was sufficient for us to be able to move forward and not have to deal with the ransom, [or] pay the ransom,” said the Mayor. “We had the information; we still had to go through that week of cleaning everything. We hope that when Deloitte gets here and show us areas where we were exposed, what we need to do better, and how we can change. We’re going to make those changes and move forward.”
While conceding that some data were released during the cyber-battle, Mayor Robinson said it was material that could have been obtained in any number of ways, and were not exactly critically-sensitive information.
“But, there’s other information that we know that we lost,” said Robinson. “We can’t confirm what that information was, so we thought it prudent and the right thing to do to protect those individuals that we thought were most exposed.”
LifeLock protection services and mailing the notices are projected to cost about $201,000; Deloitte & Touche’s contract is about $141,000. There could be some additional costs if the city uses LifeLock for call center services, but nothing’s been finalized.