IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Tyler Technologies' Internal Systems Hit by Ransomware

Responding to a flurry of online concern about the fact that the company makes software for posting election results, Tyler Technologies said that product isn’t hosted on the network that got hit.

Tyler Technologies, one of the largest gov tech companies in the world, discovered Wednesday that it has been hit by a ransomware attack that gave an intruder access to internal phone and IT systems and disrupted user access to some internal systems.

As of Thursday afternoon, the company’s website displayed a message explaining that the company realized early Wednesday morning that an unknown third party had “disrupted access to some of our internal systems.” The message said the company responded by shutting down points of access to external systems, recruiting outside IT security and forensics experts, notifying law enforcement and implementing enhanced monitoring systems.

“Based on the evidence available to date, all indications are that the impact of this incident is limited to our internal corporate network and phone systems, and that there has been no impact on software we host for our clients,” the message read. “Our hosted environment is separate and segregated from our internal corporate environment. We have activated enhanced monitoring to supplement the monitoring services we already had in place, and we have detected no unauthorized or malicious activity or compromises in client systems that Tyler hosts. Furthermore, we currently have no reason to believe that any client data or client servers have been affected.”

Tyler is headquartered in Plano, Texas, and makes a wide range of software for government, including for enterprise resource planning, courts and public safety, education, fleet management, permitting and land use. It also makes software that election officials use to share election results with the public.

The company's website said it found no outages in any of its online payment systems, and that its product for publishing election results is hosted offsite on Amazon Web Services, not on the internal network that was hit by ransomware. It added that while election officials can use Tyler’s platform to post aggregated election results, it’s not the system of record for any elections, nor does it store individual voting records.

The extent to which the intruder accessed private information is unclear, as Tyler specified only that they accessed internal phone and IT systems and “disrupted access.” Tyler has not specified which systems, or whether accessing internal IT systems allowed the intruder to copy data without altering it.

The computer help website BleepingComputer reported on Wednesday that it was a RansomExx ransomware attack, a rebranded version of the Defray777 ransomware that targeted the Texas Department of Transportation in May, the business technology company Konica Minolta in July, and the laser company IPG Photonics earlier this month.

This is an unfortunate development for Tyler after recent milestones, exceeding $1 billion in revenue in 2019 and landing on the S&P 500 list in June. According to the company’s website, it employs 5,500 people and is projecting $1.2 billion in revenue in 2020.

A spokesperson for Tyler referred inquiries to the company's website, where she said the company will continue posting updates.