9 Investigates: Kannapolis didn’t alert public when cyberattack knocked out police dispatch

KANNAPOLIS, N.C. — More than a year ago, a cyberattack knocked out the system used in Kannapolis to dispatch police and firefighters.

You wouldn’t know that based on what the city told the public.

It wasn’t until Channel 9′s Hannah Goetz started investigating that the truth is finally coming to light, along with a debate between city leaders about their own credibility.

It happened on Feb. 28, 2022. The city of Kannapolis fell victim to a cyberattack. These types of attacks aren’t uncommon; a quick Google search will return dozens of instances of cities targeted by cyber criminals -- but not this one.

City officials told Goetz that’s because there was no “major public impact.”

“There was no data breach; we didn’t lose any customer data, we didn’t lose any employee data,” said Kannapolis City Manager Mike Legg. “The fact there were no real significant losses to public services because of those reasons, there was no ransom that was ever asked for. There was never any money involved in this situation. There was not much to say to the public.”

But we learned that the computer-aided dispatch system used by the Kannapolis Police and Fire departments for calls went down. Calls to 911 had to be routed through Cabarrus County, and police and fire dispatchers had to resort to using pen and paper.

The departments did say that there was no delay in emergency response times.

It’s information the city didn’t share when the attack happened.

We reached out to the city the day the attack happened. Communications Director Annette Privette Keller sent a statement, saying: “We have had some internal internet issues today. We have not received a request for ransom ... We expect everything to be completely back to normal once we finish all of our scans.”

‘That was a fabricated statement’

9 Investigates put in a public records request about the incident that week. The city sent us those records 11 months later, and they tell a more complicated story.

One email from then-assistant city manager Eric Davis on the day of the attack read, “Our initial statement was way too light and not accurate ... I understand wanting to minimize damage, but I don’t want our credibility challenged either.”

Davis sent another email that week, writing: “The reality is that our entire network was completely obliterated in a cyberattack. This was not a minor internet glitch. That was a fabricated statement to make the news media go away.”

After we spent months reviewing documents and making numerous requests for an on-camera interview, Legg agreed to speak with Channel 9 about what happened.

He disputes that any statements were fabricated.

“You know, when a crisis like that happens, you go into this mode where emotions run high,” Legg told Goetz.

‘I do not want to send this’

We showed Legg several emails, including one from Privette Keller that had a draft statement providing more details about the “external cyber assault.”

It’s a statement that we never received until getting our records request fulfilled.

That email from Privette Keller went on to say, “I do not want to send this at all, or at least until tomorrow or later tonight, as it would become ‘Breaking News’ and receive too much attention. It is a slow news day.”

Goetz asked Legg about the delayed response to our initial questions, asking if Privette Keller’s “slow news day” message makes him question credibility or how we should view city officials.

“No, I don’t think so,” Legg said. “I think we’ve, historically, been very transparent, and we’ve been open to any media inquiries across the board ... We felt we solved that problem; we solved it openly and we solved it quickly, and we moved on.”

Who should know?

We asked residents whether they feel they should have been informed about the impacts of the attack.

“I would rather scare everybody here telling them the truth than to hide something and not tell them the truth because I have not done my job as a leader,” said Robert Foster.

“It would be nice to know, yes, probably not that important to know actually because there are backup systems,” said James Tourville.

Goetz asked Legg the same question.

“Do you think the city deserves to know we are having some issues, even if you said people weren’t impacted, just in case anything did happen?”

“Well, if people asked, we certainly weren’t hiding anything, but we weren’t going to go out and aggressively tell the entire community what was happening, because, again, it wasn’t affecting anything but how we do our jobs,” Legg said.

Legally, cities aren’t required to let residents know about an attack if personal information hasn’t been compromised.

The city of Kannapolis did report the attack to state officials. In one email, a member of the statewide recovery team commended their response and recovery efforts. The city told us that insurance covered much of the cost, but Kannapolis still paid $50,000 out of pocket.

Legg said city employees and city council members were notified immediately when the attack happened.

After our interview with Legg, we reached out to Davis to follow up on his claims in those emails. We never got a response, and Davis has since retired.

Legg said the city’s systems have mostly recovered since then.

(WATCH: Kannapolis flood victims say city is forcing them from homes)

Hannah Goetz

Hannah Goetz, wsoctv.com

Hannah is a reporter for WSOC-TV.