Have you been wondering why it has been impossible to log into the City of Hobbs website the last few days? The reason is a good one. Don’t worry; it’s not your fault.
On Thursday, August 12, security specialists at the Hobbs IT Department noticed unusual activity on the city’s server. They immediately took a proactive approach to get to the bottom of the problem and quickly discovered that more than one server had been breached. To ensure the security of the data of both staff and clients, access to and from the city’s internet was disconnected.
According to a City of Hobbs press release transmitted late on Tuesday, August 17, the problem has been corrected. All servers have been restored and are now functioning properly.
During the period access to and from the internet was shut down, some city services did not function. Credit card payments at CORE and other facilities did not work. The city switched to using manual payments. Such payments were accepted when and where possible.
The city took all measures necessary to ensure that data of clients and staff was not breached. “Automatic payments ran once the network connection was restored. At the time of this press release, there is no indication of compromise of customers’ payment methods nor of confidential employee information,” states the city in the press release.
The press release goes on to say that IT security staff acted quickly when the network security breach was discovered, removing the unauthorized user from their system. “This was a critical decision which is responsible for preserving countless valuable documents and data.”
“Hobbs was lucky, and it shows how important having an IT department is for any organization,” said Clayburn Griffin, a local cybersecurity expert. “Most businesses and organizations in the area don’t take cybersecurity seriously. They think they’re too small to get the attention of hackers, but today hackers cast a wide net looking for vulnerabilities.”
Cyber attacks are on the increase, and prevention is expensive. Often smaller and mid-sized communities simply do not have the “funding and expertise to bulk up their cyber defenses,” states Scott Shackelford, chair of the cybersecurity program at Indiana University Bloomington, in a recent Reuters article. Fortunately, Hobbs was able to bring in a consultant to help resolve the problem and restore the internet.
While many organizations can’t maintain fulltime IT staff, the ubiquity of technology has made access to cybersecurity consultants vital. “We recommend for companies without their own IT workers in-house to have us come in at least quarterly for routine inspection and cybersecurity checks,” says Griffin.
Shortly after the beach was discovered. an emergency meeting was called. The city’s IT security specialists notified city leadership, department directors, and personnel of the threat and that access to the internet had been disconnected. Members of the city council had previously been notified of the situation.
During the four business days and weekend that the city’s internet was disconnected, an outside cyber security consultant was brought in to assist in the restoration of City of Hobbs networks and servers.
In the press release, City Manager Manny Gomez states, “The urgency and skills IT Staff displayed in handling this situation is an example of the competency in this department. While we apologize for any inconvenience this caused the public, we have complete faith in Staff’s abilities and were more than willing to warrant them and the contractor all necessary time and resources to completely correct this issue and get us back online. We appreciate the public’s patience and understanding during this time.”
The mission statement of and additional information about the city’s Information Technology Department is available at the City of Hobbs website. The mission statement says that the department “strives to provide high quality technology-based services, in the most cost-effective manner, to facilitate the City of Hobbs operations and its services to the community.” The proactive approach the Hobbs IT security team took to quickly identify and solve the recent cyber breach that threatened the city and its stakeholders is an example of how the department achieves its mission.
For additional information about last week’s incident and/or any unanswered questions, contact the City of Hobbs at (575) 397-9264.
