As Nevada recovers from cyberattack, questions remain about attacker and personal data leaks

(The Center Square) - The cyberattack on the Nevada state government dragged through its second week as questions about the attacker's identity and personal data leaks remained unanswered.

The cyberattack was first discovered Aug. 24. Since then, state government websites across Nevada have been slow to return to full function as information has trickled out of the Governor’s Office.

“As of right now, we are operating almost fully back to normal business operations,” Hailey Foster, the Nevada Department of Motor Vehicles public information officer, told The Center Square Wednesday. “We opened up our offices yesterday to handle all vehicle transactions … In addition, we got MyDMV back up and running.”

The MyDMV website Wednesday afternoon said transactions remained temporarily unavailable for driver's licenses, IDs and address changes.

All late fees from the Nevada DMV for vehicle-related payments were waived through Aug. 29, when the services returned to operation. Late payments for driver's licenses and IDs – both in person and online – continue to be waived until those services return, with the DMV not giving an estimated date for its full recovery.

Most state departments have returned to partial operation like the DMV, but some remain fully offline. The website for Gov. Joe Lombardo’s new Nevada Health Authority, designed to consolidate Nevada health care operations, remained fully out of operation over a week after the attack. The website for Nevada’s Office of New Americans was also down.

In response, the state set up a website to track the recovery effort with twice-daily updates through the Nevada Office of Emergency Management and Homeland Security.

The recovery site confirmed that data was moved outside the state’s network, but has yet to confirm if any personal data was stolen.

In the event that personal information was leaked, “We will notify impacted Nevada residents in the most expedient time possible and without unreasonable delay, while making sure notification does not hinder law-enforcement efforts,” read the recovery homepage.

The website made note of the ongoing investigation by the state with the FBI and the Cybersecurity and Infrastructure Security Agency.

The Governor’s Office has cited the federal investigation to justify not sharing more information about the attack.

In the 11 days since the cyberattack was discovered, Gov. Joe Lombardo has spoken publicly once about it. No comment has been made about the motivation or identity of the attackers, as Nevadans wait to see if their personal data was stolen in the breach.

Emergency services are fully functional. The state has warned to be especially wary of online scams at this time. For more information, visit www.oem.nv.gov/recovery.