INDIANAPOLIS — The internal information and email system of the Indianapolis Housing Agency has been down since at least Monday after being hacked by cyber thieves.

“It’s my understanding that there has been an intrusion of the computer system,” said Mayor Joe Hogsett. “I don’t know the technical aspects of it but I do know it is a serious matter. One that IHA is taking seriously and one that the City is providing whatever support IHA needs to resolve the issue.”

The personal information of approximately 25,000 IHA residents plus the data from vendors and employees as well as financial transactions shared with the Department of Housing and Urban Development are likely at risk.

“We find this cyberattack offensive and are in communication with the housing authority and will offer any assistance within our authority to help IHA resolve this issue,” read a statement from HUD which provides the local housing agency with more than $70 million annually to provide housing for low-income Marion County residents.

IHA and federal investigators are trying to determine the identity of the hacker and the demands to release control of the server.

One expert said the average cost of resolving a data breach is $4.4 million.

In 2016, the information systems of the City of Anderson were hacked.

That breach cost Anderson city government a $21,000 ransom plus another $170,000 to repair the damage.

”You’d think especially in the public sector where after all these are public servants and, of course, they’re trying to do a good job but, ultimately, they’re stewards of our information of our citizens’ data,” said IU Kelley Business School Professor Scott Shackelford. “If anything, there’s even a higher responsibility to protect that, but, of course, the resources don’t always meet that expectation.”

IHA has been troubled for years, under audits and federal financial reviews, the subject of a federal whistleblower’s complaint and operating at the whim of private investors who called their loans or moved to seize control of properties that were underperforming, have an excessive number of vacant units, are rundown or in disrepair and plagued by crime and mismanagement as the agency has experienced an exodus of employees.

IHA’s interim executive director, public housing veteran Marcia Lewis, recently extended her temporary one-year assignment into 2023 while Mayor Hogsett has delayed his search for her permanent replacement even though the agency is selling off its interest in properties or contracting for on-site management.

The risk of publicizing the hack is to tip off the cyber thieves that the agency under attack and its clients are aware their data has been compromised while at the same time the victims need to be advised to take preventative measures to protect their information.

”As soon as the hack happens, the clock does start ticking and unfortunately that means that folks’ information, their identities, could be compromised almost immediately,” said Shackelford. ”There does need to be a balance there, but you would like to think, especially as we sit here with a lot of experiences under our belt, that we would lean toward accountability and owing up with hopefully a response plan in place to make sure that any damage is minimized as possible.

”First you can put a fraud alert on your credit report,” advised Shackelford. “This makes it much harder for criminals for example to open up new accounts in your name because there’s gonna be a double checking that has to happen before they do that. You could also think about freezing your credit.”

Mayor Hogsett said he was confident that the IHA data breach impact would be localized as the City’s information systems are separate from IHA’s

”Obviously I’m concerned about that,” he said. “We want to protect the information, we want to minimize and limit the intrusion, eliminate it altogether, and we’re providing resources to support IHA’s effort in that regard.”

IHA employees contacted FOX59 News to report they’ve been on the job all week but were unable to process their work due to the system shutdown.

Residents have also complained that they haven’t been able to move into units or have property issues resolved as a result of the email outage.

The Indianapolis Housing Agency issued the following statement:

The Indianapolis Housing Agency (IHA) has become the victim of a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt organizations by locking down the organization’s computers and IT systems, in exchange for the payment of a ransom.

When we first discovered evidence of the ransomware attack, we immediately began investigating using internal IT teams, external IT consultants, and also sought the help of forensics experts. We have also been working with law enforcement in this incident.

Because of the continuing investigation, we are unable to provide more details at this time.