Cyber Incident Victim: City of Houston

Date: Sep 2022

Location: United States of America

Summary

The City of Houston experienced a website compromise involving unauthorized blog posts appearing repeatedly over several weeks. Unusual content included spam promoting mail-order brides, online gambling, exam papers, and cybersecurity advice, often written in garbled English and falsely attributed to a city employee. At least 29 such posts were published alongside official city announcements, prompting internal IT investigations after media inquiries. The incident disrupted normal website operations and introduced unverified content to municipal communications channels.

Description

The City of Houston's official website experienced a series of unauthorized blog posts appearing intermittently from September 13, 2022, onward. At least 29 anomalous entries were published under the "uncategorized" section of the site, interspersed with legitimate municipal content such as public safety announcements and health service updates. The posts contained garbled or nonsensical English promoting topics including mail-order brides, online gambling platforms, academic exam papers, and cybersecurity advice like password creation and virus avoidance. One entry advertised a matchmaking service for "Hard anodized cookware women" (sic), while another claimed to facilitate connections with "Nerdy Women of all ages." The city's Housing and Community Development Department employee Ashley Lawson was falsely listed as the author, though she had no involvement in creating or publishing the content.

City Communications Director Mary Benton initiated an internal review after local media inquiries about the suspicious activity, escalating the matter to Houston's Information Technology Department for investigation. The compromised posts remained publicly visible for weeks, undermining the website's credibility as an official information source. No additional technical details regarding the intrusion vector—such as compromised credentials, software vulnerabilities, or malware—were disclosed publicly. The incident exposed gaps in content monitoring protocols, as the fraudulent entries persisted undetected alongside routine administrative communications until external scrutiny prompted action. Municipal authorities did not release statements confirming data breaches, service disruptions, or financial impacts resulting from the incident.
