Cyber Incident Victim: DeSoto tornado emergency sirens

On March 12, 2019, between 02:30 and 04:00 AM local time, a hacker activated tornado warning sirens across DeSoto and Lancaster, Texas, two adjacent suburbs south of Dallas. The unauthorized activation triggered over 30 emergency sirens—10 in DeSoto and 20 in Lancaster—with sporadic alarms also reported in nearby Red Oak, Cedar Hill, and Glenn Heights. The sirens cycled on and off intermittently but did not blare continuously for hours. The incident caused widespread panic among residents, who were already alert due to forecasts of severe storms in North Texas. Officials from both cities confirmed the activations were intentional cyber intrusions, ruling out technical malfunctions or coincidental failures. Lancaster authorities stated the "widespread impact" across two municipalities indicated deliberate targeting by individuals with "hostile intent," classifying the act as criminal sabotage rather than routine vandalism.

DeSoto and Lancaster disconnected their siren systems from networks the morning after the hack, leaving them offline indefinitely. This occurred amid active severe weather threats, including a powerful thunderstorm that struck the region on March 13, causing property damage and power outages but no tornadoes. The incident echoed a similar 2017 Dallas County breach where hackers exploited unencrypted radio signals to trigger 156 sirens overnight, prompting Dallas to implement signal encryption. Security researchers had previously identified vulnerabilities like "SirenJack" in 2018, demonstrating how attackers could hijack siren controls. No arrests or specific threat actor details were disclosed in the 2019 incident, though officials emphasized prosecution would follow identification. The hack disrupted emergency readiness but did not result in casualties or operational failures during the subsequent storm due to the absence of actual tornadoes.