Update on the August 2019 Texas Cyber Incident

Aug 17 2019

AUSTIN – The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 17, 2019, at approximately 5:00 p.m. central time.

  • On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
  • Later that morning, the State Operations Center (SOC) was activated with a day and night shift.
  • At this time, the evidence gathered indicates the attacks came from one single threat actor.
  • Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.
  • It appears all entities that were actually or potentially impacted have been identified and notified.
  • Twenty-three entities have been confirmed as impacted.
  • Responders are actively working with these entities to bring their systems back online.
  • The State of Texas systems and networks have not been impacted.
  • The following agencies are supporting this incident:
    • Texas Department of Information Resources
    • Texas Division of Emergency Management
    • Texas Military Department
    • The Texas A&M University System's Security Operations Center/Critical Incident Response Team
    • Texas Department of Public Safety
      • Computer Information Technology and Electronic Crime (CITEC) Unit
      • Cybersecurity
      • Intelligence and Counter Terrorism
    • Texas Commission of Environmental Quality
    • Texas Public Utility Commission
    • Department of Homeland Security
    • Federal Bureau of Investigation – Cyber
    • Federal Emergency Management Agency
    • Other Federal cybersecurity partners

Cybersecurity Best Practices

  • It is everyone's responsibility to remain cyber aware and practice information safety.
  • Do not open suspicious or unexpected links or attachments in emails.
  • Hover over hyperlinks in emails to verify they are going to the anticipated site.
  • Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender's email address.
  • Use unique strong passwords or pass-phrases for all accounts.
  • Do not provide personal or organizational information unless you are certain of the requestor's authority, identity, and legitimacy.
  • Alert your IT staff or supervisor if you have any concerns about the legitimacy of any email, attachment, or link.
  • Take advantage of available cybersecurity awareness training.
Return to Hot Topics