NPR for North Texas

Hackers post Tarrant taxpayer data online after ransomware attack on appraisal district

Tarrant Appraisal District attorney Matt Tepper, board chair Vince Puente and board member Rich DeOtte talk among themselves before the board meeting, March 25.
Sandra Sadek / Fort Worth Report

The hacking group Medusa has posted files it claims to have illegally obtained from the Tarrant Appraisal District network to the dark web, the appraisal district confirmed April 16.

In a statement to the Fort Worth Report, Chief Appraiser Joe Don Bobbitt said the agency limits the sensitive data it collects and is working closely with leading cybersecurity experts to review the affected data.

as victims of the data breach. Those victims were notified via mail last week.

“We made it a priority to quickly identify those potentially affected and initiated direct outreach through mailed notifications. TAD’s IT team is continuing to work with cybersecurity experts to monitor the status of Medusa’s leak site, and additional updates will be provided if there are any further developments,” Bobbitt said in a statement.

A post by Medusa in a public channel on the messaging app Telegram reviewed by the Fort Worth Report noted that part of the data leak included personal data of TAD employees, financial documents and company contracts. The post includes 188 gigabytes of downloadable data.

Chandler Crouch, a Tarrant County tax consultant, told the Report he has started to review some of the released information. Crouch has seen driver’s licenses, military IDs and employee files.

“There’s a ton of stuff … that is either publicly available or, if you file an open records request, the appraisal district would gladly hand over to you if you just ask for it,” he said.

However, Crouch has also seen data from Marshall & Swift, a real estate valuation service, which he said may be proprietary. In addition, there is a strong possibility that social security numbers were included in the leak, he said.

While the Tarrant Appraisal District’s does not require a social security number, the application form supplied by the does have an option for residents to include social security numbers. The appraisal district did not respond by the time of publication to a question about whether social security numbers were leaked.

“There may not be as many people that have put their social security number on the form,” Crouch said, noting that most people will use their driver’s license when filing with the Tarrant Appraisal District.

Tarrant Appraisal District told the public on March 25 that the ransomware group . The district said it would not pay the ransom.

Murat Kantarcioglu, professor of computer science at the University of Texas at Dallas, said government organizations often have both lax security profiles and sensitive data.

“They may be an easier target in that sense,” he said.

Now, district officials are taking steps to change that. The appraisal district’s board of directors is set to meet April 22, where it will discuss and possibly take action toward hiring a cybersecurity consultant for a cost not to exceed $25,000 as well as purchase network equipment at a cost of no more than $210,000.

The board previously approved purchasing Office 360 and SentinelOne software. Board members also approved an agreement with Improving Enterprises for network support, security and system reviews, at a total cost of around $235,000.

The cyberattack and its fallout have featured heavily in candidate campaigns for the three open spots on the Tarrant Appraisal District board of directors. Of the six candidates who sat down for an interview with the Report, all cited fixing the district’s security issues as one of their immediate priorities.

Medusa is behind at least 206 ransomware attacks, mostly in the United States and Europe. In 2023, around 2,207 U.S. hospitals, schools and governments were impacted by ransomware attacks.

Sandra Sadek is a Report for America corps member, covering growth for the Fort Worth Report. You can contact her at sandra.sadek@fortworthreport.org or .

Emily Wolf is a government accountability reporter for the Fort Worth Report. You can contact her at emily.wolf@fortworthreport.org or .

At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policy

This first appeared on and is republished here under a Creative Commons license.

Emily Wolf is a local government accountability reporter for the Fort Worth Report. She grew up in Round Rock, Texas, and graduated from the University of Missouri-Columbia with a degree in investigative journalism. Reach her at emily.wolf@fortworthreport.org.