The Tarrant Appraisal District found that less than 300 individuals had sensitive information impacted by a recent ransomware attack.
While the criminal investigation is still ongoing, the appraisal district board and staff are “galvanized” to improve the safety and security of the district’s systems, board chair Vince Puente said.
“We always need to remember the enemy is not the TAD organization. The enemy is not the TAD board. The enemy is not the public. The enemy is the criminals that are out there that are doing harm to all of us,” Puente said.
Those impacted by the ransomware attack will be notified by the Tarrant Appraisal District, which will provide them with assistance. A list of general guidance points will be posted on the district’s website as well, for those who are concerned their information may have been compromised.
The board is also cooperating with the Federal Bureau of Investigation and the Texas Department of Information Resources.
On March 21, the Tarrant Appraisal District suffered a ransomware attack by Medusa. The hacking group demanded $700,000 from the district, after a network disruption took systems offline, including the website, phones and email.
The district is currently in communication with the group, Puente said.
Chief appraiser Joe Don Bobbitt said all phone systems are fully operational again and laptops are being equipped with new security systems. The website is also online, except for the property search function, which is still down. The database remains inaccessible, Bobbitt said.
“While we cannot provide a precise timeline for full recovery at this moment, we are optimistic that operations will return to normal within the next few weeks,” Bobbitt said.
Over the course of three days, the board met in short executive sessions to discuss strategies to respond to the current attack while preventing it from happening again.
At their last board meeting, board members approved the purchase of Office 365 and SentinelOne software for improved security, technology testing and auditing. They also approved an agreement with Improving Enterprises for network support, security and system reviews. The cost is estimated at $235,000.
Murat Kantarcioglu, professor of computer science at the University of Texas in Dallas, said using Office 365 can be a good and affordable tool.
“It may be a good step, especially if you don’t have enough resources to do the security yourself,” he said.
“The response measures implemented today have been critical in securing the network and beginning the process of recovering, but I fear that there are significant investments needed in IT,” said board member Alan Blaylock, who also serves on Fort Worth’s City Council.
TAD’s IT department will be meeting with Tarrant County and the city of Fort Worth’s IT departments to discuss ways to avoid similar incidents in the future.
Board members thanked chief appraiser Bobbitt and staff for their response and swift action in response to the attack. Many members noted that they heard about the issues from the staff first rather than from constituents — a major change from previous administrations, they said.
Board member Rich DeOtte shared he had previously voiced concerns about a new website being rolled out in March 2023. Describing the past responses by the TAD administration as a disaster, he said he felt at the time that crucial details were being hidden.
This latest response has been night and day, he said.
“As the longest-standing appointed member of this board, I see this as a remarkable success so far,” DeOtte said.
The ransomware attack occurred just two months after chief appraiser Bobbitt took helm of the agency. While he was hired to fix issues within the appraisal district, Bobbitt said he’s now had to respond to this incident instead.
“We want to focus on the customer experience. And so we know this was a big impact,” Bobbitt said. “Ransomware, it’s more of, when are you going to get hit more than if you’re gonna get hit.”
Kantarcioglu said good cyber security doesn’t always prevent attacks but can significantly limit them.
“Similar to a car accident,” he said. “Sometimes you do all the best but some guy (is) drunk and can hit you. But if your seatbelt’s on, if you have a safe car with airbags, you have (a better chance).”
Kantarcioglu said the first step an agency should take following a cyber attack is to check its systems, find where the weaknesses are and what data may have been damaged as things come back online.
“All of your systems can be hacked and there may be malware everywhere. So you have to slowly rebuild everything and get (it back) online,” he said.
Emily Wolf contributed to this story.
Sandra Sadek is a Report for America corps member, covering growth for the Fort Worth Report. You can contact her at sandra.sadek@fortworthreport.org or @ssadek19.
At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policyhere.
This article first appeared on Fort Worth Report and is republished here under a Creative Commons license.