Breach at Software Provider to Local Governments, Schools

September 25, 2020 by

DALLAS — A major provider of software services for governments and schools across the United States, Tyler Technologies, told customers Wednesday that an unknown intruder broke into its phone and information technology systems.

It could not immediately be determined whether ransomware may have been involved.

The Plano, Texas-based company, whose website was offline, said in an email to customers that it discovered the breach Wednesday morning, contacted law enforcement and enlisted outside cybersecurity help.

Tyler software provides service to state and local governments for everything from jail and court management systems to taxing, bill collection and land records. The publicly traded company said in a June earnings report that it had 26,000 installations with local, state and federal government entities in all 50 states, Canada, the Caribbean, Australia and other international locations.

Tyler did not immediately respond to phone calls and emails Wednesday. On Twitter, it said “a network issue” was affecting its phones and web site and that it’s “working to resolve as quickly as possible.” The company’s website homepage said it was temporarily unavailable but provided no additional information.

“At this time and based on the evidence available to us to-date, all indications are that the impact of this incident is limited to our internal network and phone systems,” said the email sent to customers and obtained by The Associated Press. “We currently have no reason to believe that any client data, client servers or hosted systems are affected.”

An FBI spokeswoman in Dallas could not immediately say whether the agency is involved in any way. The Texas Department of Information Resources did not immediately respond to a request for comment.

Tyler’s customers include Des Moines, Hartford and St. Louis, County, according to a 2019 copy of its website on the Internet Archive. The archived website said its company software is “the perfect fit” for everything from small towns to counties serving more than 2 million people.

A cybersecurity expert assisting municipalities that are customers of Tyler’s Munis software suite, Mike Hamilton of CI Security, said he was particularly concerned that hackers may have obtained access to the passwords of customers stored on its network and could penetrate their systems.

Hamilton, a former Seattle chief information security officer, said Tyler should be notifying customers to immediately reset all their passwords as a precaution.

“It’s completely possible that bad guys have been in there for a good amount of time,” he said.

Munis manages core business functions for government agencies and schools, from payroll to human resources and revenue management.

In ransomware attacks, criminals are increasingly breaking into company and government networks and siphoning out data before scrambling them with encrypted programs and demanding payouts. They threaten to make the stolen data public if the victim doesn’t pay up.

Texas has seen a series of these attacks over the last two years. The victims have included parts of the state court system and the state transportation department this year, and more than 20 local governments last summer. Brett Callow, an analyst with the cybersecurity firm Emsisoft, said Tyler may have been breached with the same ransomware that attacked the Texas Department of Transportation, based on an encrypted file uploaded to the Google-owned malware identification service VirusTotal in June that included `tylertech’ in the file name.

Data breaches often are not discovered until months after the fact.