The incident hits close to residents’ daily lives, impacting an agency that’s charged with helping vulnerable individuals meet a basic need. The Housing Authority serves seniors, people with disabilities and low-income households who are struggling to afford housing by funding some of their rent under the Housing Choice Voucher Program, also known as Section 8. Under the program, IHA directly pays landlords 60 percent to 70 percent of qualifying tenants’ rent checks, the agency explains on its website.
But IHA was hit by a ransomware attack earlier this month, according to local news station WISH-TV, and local station WTHR found many landlords still waiting for this month’s rent. Some also raised fears that their data could have been compromised in the attack.
Tenants are not at risk of eviction, despite the payment disruption, the IHA confirmed, according to WTHR.
By Oct. 13, IHA had reportedly issued a statement saying that it was working to investigate and respond to the incident.
“We have been working closely alongside our internal IT teams and external IT consultants, and we have sought the help of forensics experts to help us address this issue. IHA has also engaged law enforcement, who are working to identify those involved,” the statement read, per WISH-TV.
IHA also said it was working with its bank and the federal Department of Housing and Urban Development (HUD) to ensure payments reach landlords and vendors.
But as of Oct. 23, WTHR was reporting that many landlords were still waiting for their checks and had not heard whether their personal information was at risk.
Indianapolis Mayor Joe Hogsett said he’s working to make the city more cyber secure and advised IHA to increase defenses. “When we first learned about the breach, we contacted IHA and made sure they were ramping up and scaling up the technological expertise that they need to protect the data that may be subject to compromise,” Hogsett said, per WISH-TV.
He also told the station, “In the interest of full disclosure, we made sure that the city of Indianapolis was firewalled appropriately, so that our data would not be breached as the result of an intrusion.”