The Tarrant County chief appraiser has been visiting local government entities and providing an update on how the district will fix its security issues following the recent ransomware attack that compromised the information of 300 people.
As previously reported by The Dallas Express, the Tarrant Appraisal District (TAD) was the victim of a ransomware attack in which hackers demanded $700,000 to prevent the release of sensitive information on the dark web. The deadline passed, and the cybercriminals are believed to have published the data.
“If they accessed all employee files and all exemption applications, it could be a sizable amount of personal data,” Chandler Crouch, a local realtor and taxpayer activist, explained to DX in April.
“It’s evil, it’s criminal,” TAD Chairman Vince Puente said of the ransomware attack in a statement to DX.
However, the update on efforts to prevent future breaches provided by Chief Appraiser Joe Don Bobbitt to the Watauga City Council on May 13 seemingly downplayed the leak.
Bobbitt told the council members that the database was “not actually compromised” even though the district servers had been hacked, per KERA News. He pointed out that the vulnerability had been caused by outdated software and hardware.
“We have equipment and services and software that is 10-to-15 years old in most cases, and so a lot of things are out of firmware and is no longer supported, the machines are no longer supported,” Bobbitt said.
He added that TAD’s board of directors has authorized the purchase of both software and hardware, with an end goal in mind of transitioning to a cloud-based system.
Watauga Council Member Andrew Neal told KERA that the fact that TAD has had two data breaches in as many years “reflects in this attitude of security as an afterthought when it should be actually on everybody’s foremost thought.”
When Neal asked Bobbitt how hackers were able to breach the district’s servers, the chief appraiser declined to go into detail, citing security concerns. But Neal said it’s important to understand exactly what happened in order to hold the procedures and individuals at fault accountable.
“If we’re looking at and we’re seeing the county adopting these really crazy poor practices and security, and it’s got my data, it’s got the mayor’s data, it got all of our data on there, and it’s not secured,” Neal said, “it just, it calls into question about responsibility.”
As The Dallas Express previously reported, the City of Dallas has suffered several ransomware attacks over the past few years.
After several servers were compromised in November 2022, the Dallas Central Appraisal District paid $170,000 in cryptocurrency to the group responsible. City leaders also allocated half a million more from the taxpayer-backed emergency fund towards efforts to improve cybersecurity.
As Bobbitt explained at the May 13 meeting, Watauga City Council was just the first of many stops Bobbitt plans to make on his tour to solicit feedback from governing bodies and residents within the TAD to “improve relationships with entities and our taxpayers.”
Bobbitt plans to visit Haslet, Saginaw, Haltom City, Lakeside City, and Dalworthington Gardens this month. He has also recently visited the City of Keller and a Fort Worth Independent School District school board meeting.