Cyber Incident Victim: City of Richardson, Texas
Date:
Sep 2024
Location:
United States of America
Summary
The City of Richardson experienced a cybersecurity incident where an external party temporarily accessed its servers and attempted to encrypt data files, though automated security systems contained the impact to a limited number of files. As a precaution, internal server access was restricted, affecting some file systems, while critical services including emergency response, online payments, and customer portals remained operational. The city is assessing potential data compromise but has found no early evidence of sensitive data access, collaborating with the FBI and DHS on the investigation while restoring systems through equipment replacement and backup recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 25, 2024, at 6:22 a.m., the City of Richardson, Texas, experienced a cybersecurity incident when an external party temporarily gained access to municipal servers and attempted to encrypt data files within the network. Automated security systems immediately responded, containing the impact to a limited number of files before the attack could propagate further. As a precautionary measure following the breach, the City proactively shut down internal access to its servers, which restricted employee access to certain file systems while leaving critical public-facing services operational. Preliminary assessments indicated no early evidence that sensitive data had been accessed or exfiltrated by the threat actor, though the specific nature of the compromised data remained under active investigation. The incident did not disrupt essential municipal functions, with emergency response systems, online payment portals, solid waste service requests, and other customer-facing applications continuing to function normally throughout the event. City Manager Don Magner acknowledged the persistent threat of such incidents to municipalities while emphasizing that existing security protocols had successfully contained the breach.
In response to the incident, the City initiated a coordinated recovery effort involving equipment replacement and data restoration from backups to rebuild internal systems. Richardson authorities engaged federal law enforcement partners, including the Federal Bureau of Investigation (FBI), which assumed an investigative role, while the Department of Homeland Security (DHS) received notification and disseminated alerts to other agencies to monitor for related activity. The City established a dedicated online FAQ resource (www.cor.net/CyberFAQ) to communicate updates as restoration efforts progressed, though no determination had been made regarding potential impacts to individuals or the need for identity protection resources. Internal system restoration remained the primary operational focus, with no timetable publicly disclosed for full recovery of administrative functions. The City maintained its commitment to transparency, pledging to provide additional updates as more information became available through forensic analysis and federal investigations.