Cyber Incident Victim: Matagorda County

Date: Jan 2025

Location: United States of America

Summary

A Texas county government serving approximately 40,000 residents declared a disaster following a cybersecurity breach involving a virus that disrupted internal systems and operations. The incident, traced to an unauthorized access point, affected multiple departments but left emergency services operational. Officials collaborated with cybersecurity professionals and state agencies to contain the breach, restoring some online services and setting up alternative tax payment methods because in-person transactions were disrupted. The FBI was notified, and an investigation into the cause remains ongoing, with no threat actor claiming responsibility. Concurrently, a separate ransomware attack at a major Texas institution compromised sensitive personal data of over 530,000 individuals.

Description

On January 24, 2025, Matagorda County, Texas, discovered a cybersecurity breach involving a virus affecting multiple internal county systems, prompting immediate emergency measures. County Judge Bobby Seiferman issued a disaster declaration that same day, mobilizing resources to address the unauthorized access point identified as the intrusion source. The breach disrupted operations across various departments, though emergency services remained unaffected. Cybersecurity professionals, the Texas Department of Public Safety Cybersecurity Division, the Texas Department of Emergency Management, and the Department of Informational Services collaborated to contain the incident to internal systems. The FBI was notified as part of the response protocol. Officials emphasized transparency in public communications while working to secure systems and assess potential exposure of sensitive information. Initial recovery efforts focused on isolating compromised infrastructure and preventing further spread of the malware.

The attack, discovered on Friday morning, forced the county to suspend in-person payments at government offices; to accommodate January deadlines, mail-in check payments and designated tax payment drop boxes near the Matagorda County tax office were made available. By Sunday, partial restoration of online services signaled progress, though full operational recovery remained ongoing. No ransomware group claimed responsibility, and investigators had not publicly attributed the attack to specific threat actors as of the last update. The incident impacted approximately 37,000 residents in the county, located 90 minutes from Houston, and its disaster declaration mirrored those adopted by other municipalities, such as an Indiana county and a California city, following similar cyber disruptions. Concurrently, Texas Tech University Health Sciences Center disclosed a separate ransomware attack affecting over 530,000 individuals; that unrelated event was explicitly claimed by the Interlock ransomware gang and showed distinct data theft patterns. Matagorda County’s investigation continued to determine the breach’s root cause and full scope while maintaining contingency measures for critical services.