Editor’s note: This article has been updated with comment from the Indiana Supreme Court.
A major provider of software services to state, county and local governments, including the online publishing of election results and the online records system for Indiana state courts, told customers Wednesday that an unknown intruder broke into its phone and information technology systems.
Tyler Technologies, a Plano, Texas-based S&P 500 company, said in an email to customers that it discovered the breach Wednesday morning, contacted law enforcement and enlisted outside cybersecurity help. It did not say whether ransomware may have been involved. Tyler is the provider for Indiana courts’ Odyssey case management software, records from which are available online at mycase.in.gov.
Tyler provides software services for everything from jail and court management systems to payroll, human resources, tax and bill collection and land records. It also serves schools.
“We were notified last night by Tyler of the unauthorized access and their response. They have kept us informed of their investigation and remediation efforts,” Indiana Supreme Court outreach coordinator Sarah Kidwell said in an email.
“We took immediate action to ensure access to our systems is secure. At this time, we have no reason to believe electronic filing or court data are affected or at risk.”
County governments in the Seattle, St. Paul, Minnesota, and Nashville areas have used the Tyler’s software Socrata to share election data in the past, although it was not immediately clear whether they still do or how central the platform is to their election operations.
Department of Homeland Security officials have warned that election results reporting systems could be attractive targets for hackers seeking to interfere in the Nov. 3 presidential election. They could also be inadvertently targeted by profit-seeking ransomware purveyors.
Tyler did not immediately respond to phone calls and emails. On Twitter, it said “a network issue” was affecting its phones and website that it was “working to resolve as quickly as possible.”
“At this time and based on the evidence available to us to-date, all indications are that the impact of this incident is limited to our internal network and phone systems,” said an email sent to customers and obtained by The Associated Press. “We currently have no reason to believe that any client data, client servers or hosted systems are affected.”
An FBI spokeswoman in Dallas could not immediately say whether the agency is involved in any way. The Texas Department of Information Resources did not immediately respond to a request for comment.
Tyler’s customers include Des Moines, Hartford and St. Louis County, according to a 2019 copy of its website on the Internet Archive. In a June earnings report, Tyler said it had 5,500 employees and 26,000 installations in all 50 states, Canada, the Caribbean, Australia and other locations.
A cybersecurity expert assisting municipalities that are Tyler customers, Mike Hamilton of CI Security, voiced concern that hackers may have obtained access to the passwords of customers stored on its network and could penetrate their systems.
Hamilton, a former chief information security officer for Seattle, said Tyler should be notifying customers to immediately reset all their passwords as a precaution.
“It’s completely possible that bad guys have been in there for a good amount of time,” he said.
In ransomware attacks, criminals often break into company and government networks and siphon out data before scrambling them and demanding payouts. They threaten to make the stolen data public if the victim doesn’t pay up.
Texas has seen a series of these attacks over the last two years. The victims have included parts of the state court system and the state transportation department this year, and more than 20 local governments last summer. Brett Callow, an analyst with the cybersecurity firm Emsisoft, said Tyler may have been hit with the same ransomware that struck the Texas Department of Transportation, based on an encrypted file uploaded to the Google-owned malware identification service VirusTotal in June that included ‘tylertech’ in the file name.
Data breaches often are not discovered until months after the fact.