Dear County CIO & NACo Member,
You are likely aware that Tyler Technologies is in the process of responding to a security incident directed at our internal corporate network. As a technology solution provider exclusively serving the public sector, we respect the serious threat of any cybersecurity incident and understand the concerns that arise from such an event. Because of our long-term partnership with NACo and our relationship with county clients, we wanted to reach out directly to you to provide the information we are able to at this time and invite you to join us during the NACo Virtual CIO Forum next week for a special presentation on responding to cyberattacks.
Incident and Response
On Wednesday, September 23, we became aware that an unauthorized, third-party intruder had disrupted access to some of our internal phone and IT systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigation and remediation procedures.
We are working with independent IT security and forensics experts for detailed review and response support, including targeted monitoring to supplement the monitoring systems already in place. We have also notified law enforcement.
We have confirmed that the malicious software the intruder used was ransomware. Because this is an active investigation, we cannot detail all of our investigatory findings to date or specific incident response actions at this time. We are, however, continuing the recovery process, including restoring functions and conducting extensive third-party testing to ensure secure operations.
Based on the evidence available to-date, all indications are that the impact of the incident was directed at our internal corporate network and phone systems. It is important to note that the environment where we host software for our clients is separate and segregated from our internal corporate environment.
In addition, recent findings have indicated no evidence of malicious activity on client systems related to this incident. We continue to analyze and work closely with clients, and we have recommended that, as a precautionary measure, they reset the passwords used for remote access to their applications by Tyler personnel. To date, common remote access tools such as BeyondTrust (previously known as Bomgar) have experienced no unusual activity. Our clients continue to have control of how, when, or if Tyler personnel connects via these tools.
More detail regarding the incident as well as answers to frequently asked questions
and current updates are posted on our website. Beginning on September 23, we also began providing direct communications to our client community from myself and from President and CEO Lynn Moore. If you are a client, we hope those communications have made their way to you, but if you need to be added to our distribution list, please contact email@example.com.
An Opportunity for Conversation
We are looking forward to participating in the Fall Virtual NACo CIO Forum. We hope you will join us on October 15 at 2:15 pm ET for “Tyler Technologies and Mandiant’s Ransomware Best Practices” with Tyler Technologies’ chief strategy officer, Jeff Puckett, and Mandiant’s SVP and chief technology officer, Ron Bushar, to discuss best practices for responding to cyberattacks and security incidents involving malware and ransomware.
We share local government’s concerns regarding the increasing occurrence of malicious cyber activity. We appreciate the opportunity to share information directly with county CIOs and look forward to being with you virtually next week.