The hacking group Medusa has posted files it claims to have illegally obtained from the Tarrant Appraisal District network to the dark web, the appraisal district confirmed April 16.
In a statement to the Fort Worth Report, Chief Appraiser Joe Don Bobbitt said the agency limits the sensitive data it collects and is working closely with leading cybersecurity experts to review the affected data.
Less than 300 individuals have been identified as victims of the data breach. Those victims were notified via mail last week.
“We made it a priority to quickly identify those potentially affected and initiated direct outreach through mailed notifications. TAD’s IT team is continuing to work with cybersecurity experts to monitor the status of Medusa’s leak site, and additional updates will be provided if there are any further developments,” Bobbitt said in a statement.
A post by Medusa in a public channel on the messaging app Telegram reviewed by the Fort Worth Report noted that part of the data leak included personal data of TAD employees, financial documents and company contracts. The post includes 188 gigabytes of downloadable data.
Chandler Crouch, a Tarrant County tax consultant, told the Report he has started to review some of the released information. Crouch has seen driver’s licenses, military IDs and employee files.
“There’s a ton of stuff … that is either publicly available or, if you file an open records request, the appraisal district would gladly hand over to you if you just ask for it,” he said.
However, Crouch has also seen data from Marshall & Swift, a real estate valuation service, which he said may be proprietary. In addition, there is a strong possibility that social security numbers were included in the leak, he said.
While the Tarrant Appraisal District’s homestead exemption form does not require a social security number, the application form supplied by the Texas Comptroller’s Office does have an option for residents to include social security numbers. The appraisal district did not respond by the time of publication to a question about whether social security numbers were leaked.
“There may not be as many people that have put their social security number on the form,” Crouch said, noting that most people will use their driver’s license when filing with the Tarrant Appraisal District.
Tarrant Appraisal District told the public on March 25 that the ransomware group demanded $700,000 for the breached data. The district said it would not pay the ransom.
Murat Kantarcioglu, professor of computer science at the University of Texas at Dallas, said government organizations often have both lax security profiles and sensitive data.
“They may be an easier target in that sense,” he said.
Now, district officials are taking steps to change that. The appraisal district’s board of directors is set to meet April 22, where it will discuss and possibly take action toward hiring a cybersecurity consultant for a cost not to exceed $25,000 as well as purchase network equipment at a cost of no more than $210,000.
The board previously approved purchasing Office 360 and SentinelOne software. Board members also approved an agreement with Improving Enterprises for network support, security and system reviews, at a total cost of around $235,000.
The cyberattack and its fallout have featured heavily in candidate campaigns for the three open spots on the Tarrant Appraisal District board of directors. Of the six candidates who sat down for an interview with the Report, all cited fixing the district’s security issues as one of their immediate priorities.
Medusa is behind at least 206 ransomware attacks, mostly in the United States and Europe. In 2023, around 2,207 U.S. hospitals, schools and governments were impacted by ransomware attacks.
Sandra Sadek is a Report for America corps member, covering growth for the Fort Worth Report. You can contact her at sandra.sadek@fortworthreport.org or @ssadek19.
Emily Wolf is a government accountability reporter for the Fort Worth Report. You can contact her at emily.wolf@fortworthreport.org or @_wolfemily.
At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policyhere.
This article first appeared on Fort Worth Report and is republished here under a Creative Commons license.