TARRANT COUNTY, Texas — The Tarrant Appraisal District (TAD) says Medusa, the hacking group responsible for the recent ransomware attack on the TAD, posted data obtained during the attack on the dark web.
The 300 people whose information was potentially compromised were notified, according to the TAD.
“While TAD limits the collection of sensitive data in majority of circumstances, we worked closely with leading cybersecurity experts to carefully review the affected data, and all individuals,” TAD Chief Appraiser Joe Don Bobbitt told WFAA in an email.
Cyber security expert Martin Yarborough isn’t working with TAD, but he has been following this hack closely because he also owns a home in Tarrant County.
“[Mudusa] it's a group that they're located primarily in Romania and they have started this wonderful business called ransomware as a service,” Yarborough said. “Which simply means that if you want to conduct a ransomware campaign against somebody, you can hire them to perform that.”
Medusa demanded $700,000 during the March 14th attack. TAD opted not to pay the ransom, but instead made cybersecurity upgrades, so Medusa leaked sensitive data.
“I don't know if they're selling it or if it's just available for download, but it is out there,” Yarborough said.
Property tax protest expert Chandler Crouch says he's already hearing from worried homeowners.
“We have had some people reach out just saying that they're scared, asking for help, wondering what they should do in response and just searching for answers,” Crouch said. “The appraisal district says that their attorney is going to reach out and contact people that may be at risk, but I haven't talked to anybody personally that has been contacted by their attorneys.”
The system used to manage property taxes is still having issues with email and its website. TAD says it’s mailed letters to those impacted.
“These letters provide details on the type of data that may have been accessed as well as outline the complimentary credit monitoring and identity protection services we are offering. We made it a priority to quickly identify those potentially affected and initiated direct outreach through mailed notifications. TAD’s IT team is continuing to work with cybersecurity experts to monitor the status of Medusa’s leak site, and additional updates will be provided if there are any further developments,” TAD told WFAA through email.
“The best thing that an individual can do is to go through the due diligence of protecting your critical information,” Yarborough said “And so you're going to want to go freeze your credit. That's the first thing and set up fraud alerts on all the credit services.”