Still investigating a ransomware attack last week that targeted its internal corporate network, Tyler Technologies is recommending that its clients change passwords and credentials as a precaution.
According to an update Saturday on the company’s website, which was still offline save for the message as of Monday afternoon, the company received reports from clients about several suspicious logins. The company strongly recommended that clients reset the passwords Tyler staff would use to access their remote networks, and the credentials Tyler staff would use to access client applications. Tyler also asked that any agency that finds a suspicious login send an email to firstname.lastname@example.org.
Tyler discovered the ransomware attack on Sept. 23, and as of Sunday it maintained that the attack only targeted the company’s internal corporate network and phone systems, and not the separate environment that hosts client systems. The company said it has disconnected points of access between its internal systems and client systems as a precaution, and it has started targeted monitoring. So far the company has found no compromises in client systems hosted by Tyler and no hiccups in online payment systems or its own internal payroll systems, which are also hosted separately from the corporate network.
Tyler said it’s been in contact with the FBI and is still working with law enforcement and independent IT experts on an investigation.
One of the largest gov tech companies in the world, Tyler Technologies makes software to help government agencies with many things, including enterprise resource planning, courts and public safety, education, fleet management, permitting and land use, and publishing data — including election results — online. In light of numerous reports about cyberattacks aiming to undermine faith in U.S. elections, all of Tyler’s statements about the ransomware attack have said that the company’s software for publishing election results is hosted offsite on Amazon Web Services, separate from its internal network. None of Tyler’s products store individual voting records or act as a system of record for any elections.
The company’s website doesn’t specify what information the intruder might have retrieved, or whether that information could give an intruder access to client systems in the future. Last week, the company’s website included a statement that “we currently have no reason to believe that any client data or client servers have been affected,” which is no longer on the website. Asked whether the intruder could have retrieved client data, a company spokeswoman referred inquiries to the message on Tyler’s website.