62°F
weather icon Clear
Las Vegas, NV
Nevada

Background checks, sex offender database still offline as Nevada recovers from cyberattack

Gov. Joe Lombardo said 90 percent of state public-facing websites are back online nearly three weeks after the cyberattack. (Las Vegas Review-Journal via YouTube)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo prepares to address the media before the start of a press conference o ...
Nevada Gov. Joe Lombardo prepares to address the media before the start of a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s on ...
Nevada Gov. Joe Lombardo addresses the media during a press conference on the state’s ongoing response to a ransomware cyber attack Friday, Sept. 12, 2025 in Las Vegas. (Benjamin Hager/Las Vegas Review-Journal)
More Stories
A box of food, enough to feed a family of four for a week, sits ready for pickup at City Impact ...
Nevada approves $30M to help fund food banks for expected influx
Some NV Energy customers are seeing a decrease in their energy bills beginning in October — w ...
Here’s how your NV Energy bill changed in October
An M-48 tank which fired uranium-tipped shells in the 1970s sits at the Nevada Test Site on Aug ...
What does Trump’s call for renewed nuclear testing mean for Nevada?
A view looking south down the Las Vegas Strip as seen from a pedestrian bridge at Flamingo Road ...
Report: Trump’s advisers considering Las Vegas for midterm convention
By / Las Vegas Review-Journal
September 12, 2025 - 10:42 am
 
Updated September 12, 2025 - 3:13 pm

Gov. Joe Lombardo said 90 percent of state public-facing websites are back online nearly three weeks after a cyberattack shut down many state services in Nevada.

“This kind of recovery is never easy,” he said during a press conference Friday. “It requires patience, precision and constant vigilance, but I want Nevadans to know we are making real headway, and every day brings us closer to full restoration.”

State officials learned of a massive ransomware-based cyberattack on Aug. 24 that shut down state websites and computer systems. Officials began working to put systems back online, though they warned it takes time in order to ensure that bad actors no longer have access.

Officials determined later that malicious actors removed state data, though it was unclear what kind of data. Last week Lombardo said it is not believed that state financial data and DMV records were taken. On Friday, the governor said there is still no evidence personal identifying information was compromised.

The public still does not know how the cyberattack occurred, who was behind it or what kind of data was taken. Lombardo was unable to answer any technical information about the attack during the press conference Friday.

Background checks, sex offender registry still down

Many systems have been restored, including Nevada’s website as well as 100 percent of DMV services, Lombardo said.

The other 10 percent of websites are key components to the state’s systems and require more due diligence to be restored, Lombardo said.

The Department of Public Safety and Governor’s Technology Office continue to work to restore Brady background checks from the National Instant Criminal Background Check System, which requires all federally licensed firearms dealers to run checks of people trying to buy a gun.

Lombardo said restoring that service is a priority, and he expects it will be recovered soon. Until then, the proper sale of firearms cannot occur for new gun purchasers, he said.

Background checks also have been at a standstill for workplaces requiring a background check to onboard new hires, such as medical facilities.

The sex offender registry database is also still down, but Lombardo said it is a public safety priority to restore that database.

Other systems still down include an e-filing system that workers’ compensation attorneys use to file important case documents. Attorneys warn that the system going down will cause a delay in injured workers’ cases being complete.

Addressing employee lockout

The governor also addressed concerns about a statewide password reset that locked many employees out of their email for hours without warning, affecting their ability to work. Lombardo said the state’s IT teams administered a statewide credential reset as a best practice security measure to remove any compromised credentials.

He added that state employees were not told about the password reset intentionally because broadcasting it would tip off criminals and increase attempts of account takeovers. When news was published about the password reset, the state received reports of phishing attempts and efforts to capture state credentials, Lombardo said.

Nevada has 25,000 employees, and “there isn’t an agency in the world that can transfer the entire agency’s email system seamlessly,” the governor said.

“Unfortunately, some employees were not able to work for several hours, but there’s a lot of functionality with the state employee outside of your traditional email system. They have a lot of responsibilities, and you’re not 100 percent encumbered by the failure or the inability to log into the system,” Lombardo said.

In the 72 hours after his first press conference about the attack, Lombardo said the state defended approximately 150 million hits to its firewalls.

“At this point in the recovery process, my team continues to balance transparency with operational security concerns,” he said.

The state is implementing stronger governance policies and controls, such as requiring a stronger minimum password standard and expanding multi-factor authentication, Lombardo said. Remote access also has been re-established for validated users with multi-factor authentication, he said.

Contact Jessica Hill at jehill@reviewjournal.com. Follow @jess_hillyeah on X.

MOST READ
Don't miss the big stories. Like us on Facebook.
THE LATEST
MORE STORIES