IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Texas County Continues Recovery From Library Cyber Attack

The district attorney’s office in Fort Bend County is investigating the Feb. 24 breach of the county’s library system, which led to $2.6 million in contracts with cybersecurity companies. Some library systems are still down.

cyberattack security. red padlock alert broken showing that cyber attack and risk. vector illustration.
(TNS) — Fort Bend County Attorney Bridgette Smith-Lawson has refused to release copies of government contracts detailing how $2.6 million in taxpayer funds is being spent following a cybersecurity attack on the county's library system.

Under the Texas Public Information Act, government contracts are usually considered public information, but the county declined to provide copies of the contracts to the Houston Chronicle.

The Chronicle on April 14 requested copies of the contracts between Fort Bend and the firms Netsync Network, Weaver, NVM, Microsoft and Foley & Laudner. The five companies were retained to address the Feb. 24 breach.

The county appealed to the Texas Attorney General's Office to withhold the documents.

The reason for the denial, according to the letter sent by the county to the attorney general, is that "the responsive records relate to a case that is currently pending with the Fort Bend County District Attorney's Office."

The district attorney's office is investigating the cyber attack, said Assistant Fort Bend County District Attorney Wes Wittig, but he doesn't know why the county is withholding the contracts.

LIBRARY SYSTEM BREACH COSTS $2.6M TO ADDRESS


The breach knocked out the library system's catalogue and e-library services. The website has since been restored, but access to features such as the catalogue, user accounts and applications are still down. The library is waiving late fees until "the network issue has been resolved," according to the library system website.

The county declined to comment on the nature of the breach.

To address the crash, the county signed $2.6 million in contracts with various cybersecurity companies. Netsync Network will be paid $1.8 million. Weaver will receive $300,000. NVM will be contracted out at $172,000. Microsoft will be paid $173,000 and Foley and Lardner will receive $150,000.

Another $20,000 was allocated for "communication services" to Lawson, the county attorney seeking to withhold all the contracts.

Lawson did not respond to a request for comment.

COUNTY REJECTS OPEN RECORDS REQUEST


Government contracts are such clear examples of public information that the Texas Association of Counties describes them as "super public documents."

Super public information, according to the association, "includes categories of contracting information, including, but not limited to the total overall price the county will or could pay under a contract, a description of the items or services and associated cost for the item or services if identified in the contract."

Government contracts are "obviously public" information, said Joe Larsen, an attorney who specializes in media and government law, but government entities frequently claim cybersecurity as grounds for rejecting an information request.

They're able to do so, he noted, because the Homeland Security Act, passed in 2002, allows for easy rejections.

Larsen is skeptical of contracts rejected for cybersecurity purposes, he said, because it's an "easy" way to skirt government transparency laws.

If a government body is sensitive about a cyber attack, Larsen said, "they're going to claim there's confidential financial information... and claim that it reveals information about the computer system that bad guys could use to exploit the computer system."

Prior to the passage of the Homeland Security Act, Larsen said, a government agency would have had no choice but to release a government contract.

"The way it used to be, it's a contract with the government. You've got to release it," he said. "But now the bar is very low."

©2025 the Houston Chronicle, Distributed by Tribune Content Agency, LLC.
Sign up for GovTech Today

Delivered daily to your inbox to stay on top of the latest state & local government technology trends.