Under the Texas Public Information Act, government contracts are usually considered public information, but the county declined to provide copies of the contracts to the Houston Chronicle.
The Chronicle on April 14 requested copies of the contracts between Fort Bend and the firms Netsync Network, Weaver, NVM, Microsoft and Foley & Laudner. The five companies were retained to address the Feb. 24 breach.
The county appealed to the Texas Attorney General's Office to withhold the documents.
The reason for the denial, according to the letter sent by the county to the attorney general, is that "the responsive records relate to a case that is currently pending with the Fort Bend County District Attorney's Office."
The district attorney's office is investigating the cyber attack, said Assistant Fort Bend County District Attorney Wes Wittig, but he doesn't know why the county is withholding the contracts.
LIBRARY SYSTEM BREACH COSTS $2.6M TO ADDRESS
The breach knocked out the library system's catalogue and e-library services. The website has since been restored, but access to features such as the catalogue, user accounts and applications are still down. The library is waiving late fees until "the network issue has been resolved," according to the library system website.
The county declined to comment on the nature of the breach.
To address the crash, the county signed $2.6 million in contracts with various cybersecurity companies. Netsync Network will be paid $1.8 million. Weaver will receive $300,000. NVM will be contracted out at $172,000. Microsoft will be paid $173,000 and Foley and Lardner will receive $150,000.
Another $20,000 was allocated for "communication services" to Lawson, the county attorney seeking to withhold all the contracts.
Lawson did not respond to a request for comment.
COUNTY REJECTS OPEN RECORDS REQUEST
Government contracts are such clear examples of public information that the Texas Association of Counties describes them as "super public documents."
Super public information, according to the association, "includes categories of contracting information, including, but not limited to the total overall price the county will or could pay under a contract, a description of the items or services and associated cost for the item or services if identified in the contract."
Government contracts are "obviously public" information, said Joe Larsen, an attorney who specializes in media and government law, but government entities frequently claim cybersecurity as grounds for rejecting an information request.
They're able to do so, he noted, because the Homeland Security Act, passed in 2002, allows for easy rejections.
Larsen is skeptical of contracts rejected for cybersecurity purposes, he said, because it's an "easy" way to skirt government transparency laws.
If a government body is sensitive about a cyber attack, Larsen said, "they're going to claim there's confidential financial information... and claim that it reveals information about the computer system that bad guys could use to exploit the computer system."
Prior to the passage of the Homeland Security Act, Larsen said, a government agency would have had no choice but to release a government contract.
"The way it used to be, it's a contract with the government. You've got to release it," he said. "But now the bar is very low."
©2025 the Houston Chronicle, Distributed by Tribune Content Agency, LLC.