Cyber Incident Victim: Fort Bend County Libraries

On February 24, 2025, Fort Bend County Libraries became aware of a network disruption that impacted some services. IT professionals took immediate action to mitigate the impact. Most online resources were subsequently restored. The library continued to operate physically while the incident was investigated. The incident was kept confidential for nearly three weeks. On March 6, the commissioners court held a closed session titled “Deliberation Regarding Security Devices or Security Audits.” Following that meeting, the newspaper first reported the cyberattack. At the March 6 meeting, the county approved $2.615 million for computer, IT, and legal services without referencing the breach. At the March 11 meeting, an additional $76,000 was approved for prior contracts and $457,275 was allocated for Secure IT services. County officials stated that the investigation remained ongoing.

Library Director Roosevelt Weeks issued a statement on March 12 confirming the February 24 awareness of the network disruption. He described the immediate IT mitigation efforts taken after learning of the incident. He noted that most online resources had been restored. He mentioned that the library was working with cybersecurity professionals to investigate the matter. Weeks emphasized that the library intentionally limits the personal information it collects to name, address, phone number, email address, and date of birth. He stated that the library does not store Social Security numbers or financial data that could be used for identity theft or fraud. The library’s FAQs explained that there was no evidence to suggest that patrons’ sensitive personal information had been compromised. The FAQs also noted that library computers are equipped with software that erases user data after each patron’s session. They stated that overdue fines were waived until the network disruption had been resolved. ABC 13 TV reported San Jacinto College cybersecurity senior director Rizwan Virani saying the incident could have resulted from someone opening a link that allowed cybercriminals inside. Virani added that human error often leads to such breaches. He said the library may have been targeted for financial gain because criminals know the county’s budget. Virani referenced ransomware as a possible vector for the attack. He also referenced the historical presence of ransomware dating back to 1989 and the increased threat posed by CryptoLocker, which requires payment in cryptocurrency. The network disruption affected some online library services. Physical branches remained open for patrons to browse and borrow physical items with unexpired library cards. eBook access via OverDrive/Libby and Hoopla continued to be available. The library provided contact options through online chat, telephone, email, and in‑person assistance at its branches. The library committed to sharing updates on its website as the investigation progressed. The library could not provide a firm timeline for full service restoration while the investigation continued. The library waived all late fees until the network disruption was resolved.