City audit for KCMO reveals gaps in cybersecurity protections

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

KANSAS CITY, Mo. -- An audit shows city government has some work to do when it comes to protecting private information it collects from its own employees and from the public. A 27 page reports looked and evaluated five different categories of information: birth dates, social security numbers, medical information, bank account information and credit card numbers.

Auditor Doug Jones says pretty soon, personal information will be even safer in the hands of the city after an audit identified weak spots in the city's cybersecurity protocol.

"One of the things I think may be surprising: departments may have information of a certain type that you would never expect them to have,” Jones said.

However, he wouldn’t specify what that information was and which department had it.

“It’s one of those things where we just try to not let people know where some things are. No sense in helping people that might want to get their hands on information for nefarious purposes,” he said.

The audit looked at 19 city departments. While Jones would not comment on the weak points in detail, his report outlines recommendations in identifying what information the city collects, reviewing and eliminating unnecessary information, developing citywide policies and procedures, and developing an incident response plan.

"So if we did have a breach, we would know what to do when that happens, how to mitigate it, how to report it, how to handle it, how to fix it,” he explained

Although there has not been a breach originating from the city, the fact that there is not a blanket cybersecurity policy worries some people who have done business with the city.

"It should have been one of their priorities when they first opened this to take everybody's money and information,” said Adrienne Cranford.

It now falls on Kansas City Manager Troy Schulte to shore up the cybersecurity protocols. He was not available for comment on Wednesday, but there is a response from the city manager in the report, which you can read at this link.