Cyber Incident Victim: Tarrant County Appraisal District

On March 21, 2024, the Tarrant Appraisal District (TAD) experienced a criminal ransomware attack that disrupted its computer network, prompting an immediate response to secure systems and investigate the breach. The attack occurred ahead of a board member election, with TAD confirming the incident publicly on March 22 after initiating internal cybersecurity protocols and engaging external experts. Hackers issued a $700,000 ransom demand, threatening to release personal information if unpaid, though the group’s identity remained unverified; TAD officials suspected the Medusa ransomware group based on preliminary findings. The district reported the attack to the Federal Bureau of Investigation and the Texas Department of Information Resources, committing to full cooperation with investigations. This marked the latest in a series of cybersecurity incidents affecting TAD, following previously reported attacks in 2022 and December 2023. During an emergency board meeting on March 25, TAD leadership acknowledged the severity of the breach, with Board Chair Vince Puente characterizing it as evidence of “evil” infiltrating their operations. The board authorized expenditures up to $235,000 for immediate recovery measures, including licensing Microsoft Office 365 and SentinelOne endpoint security software, alongside contracting an external cybersecurity consultant. TAD attorney Lindsay Nickle stated investigators prioritized determining whether taxpayer data was compromised, though no evidence of exfiltration or exposure had been confirmed as of March 25. Operational systems were gradually restored based on priority, with the public website remaining accessible but lacking functionality for property account searches or data retrieval during initial recovery phases.

The ransomware attack disrupted core functions of the district, which assesses property values for tax jurisdictions across Tarrant County, impeding access for property owners, real estate professionals, and local governments reliant on its databases. Tarrant County Judge Tim O’Hare expressed frustration via social media, linking the breach to systemic issues under prior leadership while expressing hope that new board members and a new Chief Appraiser would resolve security deficiencies. Community members, including resident Daniel Bennett, criticized TAD’s historical handling of cybersecurity, alleging past intrusions were inadequately addressed or concealed by previous administrations. TAD officials emphasized continuous, around-the-clock investigations to assess data compromise risks and restore full operations, declining to confirm or deny whether taxpayer information remained secure. As of March 25, no decision had been made regarding ransom payment, with the district evaluating all response options in consultation with law enforcement and cybersecurity advisors. The incident caused operational delays, with TAD staff manually processing certain transactions while systems underwent restoration, though officials did not specify an estimated timeline for full recovery. Public communications reiterated TAD’s focus on securing networks, analyzing attack vectors, and mitigating further exposure, without disclosing technical specifics of the breach or the ransomware variant involved. Board member Joe Don Bobbitt characterized the emergency funding as addressing immediate needs while acknowledging broader cybersecurity improvements would require future investments and policy revisions. The attack underscored persistent vulnerabilities in TAD’s infrastructure, compounding existing public skepticism regarding data protection practices following repeated incidents over a two-year period.