Cyber Incident Victim: Travis Central Appraisal District
Date:
Sep 2019
Location:
United States of America
Summary
A cyberattack targeted the Travis Central Appraisal District, disrupting operations for approximately one week. The incident compromised multiple systems including website property search functionality, phone and email communications, and Computer Assisted Mass Appraisal infrastructure. Agency officials publicly confirmed the attack after restoring services, noting significant operational impacts across public-facing and internal assessment platforms during the outage period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 11, 2019, at approximately 9:30 p.m., the Travis Central Appraisal District (TCAD) experienced a cyberattack that disrupted critical operational systems. The attack immediately impacted the agency’s website property search functionality, internal and external communications via phone and email, and its Computer Assisted Mass Appraisal (CAMA) systems used for property valuation and assessment workflows. This disruption persisted for approximately one week, severely limiting public access to appraisal records and hindering the district’s ability to conduct routine operations. The attack’s timing coincided with the evening hours, suggesting potential targeting of off-peak periods to maximize impact before detection. Initial public reports indicated only website malfunctions, but the full scope of compromised systems became clearer as the outage extended beyond initial expectations. Technical staff initiated emergency protocols to isolate affected infrastructure, though specific containment measures were not publicly detailed. Service degradation prevented taxpayers from accessing property records online, while staff faced operational paralysis due to email and phone system failures. The CAMA system outage directly impeded appraisal activities, creating bottlenecks in core valuation processes. No initial statement was released by TCAD during the first week, leaving stakeholders uncertain about the cause and severity of the disruptions.
TCAD Chief Appraiser Marya Crigler formally confirmed the cyberattack on September 19, 2019, eight days after the initial incident, attributing all service interruptions to malicious external activity. The delayed acknowledgment followed internal investigations to assess the attack’s origin and full technical impact, though no threat actor group or motive was disclosed publicly. Recovery efforts spanned multiple days, with gradual restoration of property search tools and communications systems occurring throughout the week following the attack. The prolonged outage affected taxpayer interactions, including inquiries about valuations and deadlines, forcing reliance on in-person services at TCAD offices. No evidence of data exfiltration or compromise of sensitive personal information was reported, limiting the incident’s consequences primarily to operational downtime and service accessibility issues. The agency did not disclose whether ransomware or specific malware variants were involved, nor did it confirm the existence of any ransom demands. Internal IT teams collaborated with unspecified third-party cybersecurity experts to remediate systems and reinforce defenses against follow-up attacks. Normal operations resumed fully after approximately seven days, though the district did not publish a detailed post-incident analysis or long-term mitigation plan for public review. The incident underscored vulnerabilities in local government appraisal infrastructure without triggering regulatory disclosures typically associated with data breaches involving personal information.