Throughout the years, there have been numerous cybersecurity breaches in the state of Texas. Varying in size and the damage that they caused (both financially and to the establishment’s reputation), they have shaped the way that the government and businesses deal with cyber attacks.
Due to recent attacks, local officials are frequently encouraging Texas businesses to protect their systems by investing in comprehensive cybersecurity services and cybersecurity awareness training for their employees.
Five cybersecurity breaches in Texas history stand out amongst the rest and highlight this growing need for Texas businesses to better secure their systems:
1. Texas Lottery—2008
In 2008, winners of the Texas Lottery—along with retailers, vendors and lottery commission employees—were victims of a data breach that affected over 100,000 people. The breach happened because a former computer analyst that worked at the Texas Comptroller’s office copied sensitive data onto computer disks as a way of using the information to exploit the names, Social Security numbers, and addresses of winners and vendors.
In response, this employee was immediately fired from the agency and the commission sent out letters to notify the victims of the attack. They then began to look for ways to prevent further attacks, including password protecting sensitive files.
2. State of Texas—April 2011
A year before the above incident, the state of Texas faced a large cybersecurity breach. Early in the year, the Texas Comptroller’s Office accidentally revealed to the public 3.5 million resident’s personal information, including their dates of birth, driver’s license numbers, and Social Security numbers.
The incident picked up traction when the Comptroller’s MEA Culpa publicly admitted that the office had stored the information within a state server that could be publicly accessed.
After this data breach, the 82nd Texas Legislature passed and a Senate bill was created and signed by the governor. Within Senate Bill 988, it was agreed to invest in the creation of the Texas Cybersecurity, Education, and Economic Development Council. Within this council, they aimed to examine the cybersecurity information both in government, businesses and in education to try and tackle any future cyber attacks.
3. Office of the Texas Attorney General—April 2012
In April of 2012, the Office of the Texas Attorney General accidentally included sensitive information within a voter database file that was delivered to plaintiff attorneys. With details such as the Social Security numbers of 6.5 million voters, this mistake could have compromised the data if it was released to the public.
Thankfully, the information was never exposed publicly. Although the cyber attack received a lot of publicity, lasting damage was mitigated data was never exposed and the situation was dealt with promptly. Even still, this cyber attack goes down in Texas history as one of its most massive data breaches, with the potential to have exposed millions of files of highly private information.
4. Omni Hotels and Resorts—July 2016
In July of 2016, the renowned Dallas-based Omni Hotels and Resort was the victim of a cybersecurity breach. Announcing that they had been subject to a malware attack, they revealed that a data breach had directly affected over 50,000 customers throughout 49 of the chain’s various 60 locations, an attack that resulted in a huge backlash.
The sensitive information that was compromised in the attack included customer’s credit and debit card details but not debit card PINs or contact information. The company also released a statement declaring that if a customer didn’t present a payment card at a point of sale system at one of the Omni locations that were affected (as well as those who had reserved a room online), they were safe from the breach.
The data breach was not disclosed to the customers affected until Omni began to work with an IT security company to try and fix the issue. By engaging with the investigation and security firm, they were able to determine the extent of the breach and somewhat contain the intrusion, though not before thousands of customers’ data was compromised.
5. New Front Attack—August 2019
Most recently, in August of last year, a ransomware attack known as the New Front Attack took place and affected 22 Texas cities. Computer systems within the 22 municipalities were directly infiltrated by hackers that demanded a payment of $2.5 million to free up the systems from the damaging ransomware.
Although the attack mostly affected smaller local governments, the FBI and state cybersecurity experts were brought in to examine the breach to determine the full extent of it. Despite the number of computers and the compromised data not being disclosed, it was believed to cost Texas around $12 million.
Ransomware has become a particularly damaging form of malware that has grown in popularity in recent years, forcing businesses to payout millions before they can regain access to customers’ sensitive information. This is becoming a huge concern for businesses across the state of Texas, especially because paying the ransom does not always guarantee data access will be returned, yet some hackers threaten to publish sensitive data stolen from businesses
These attacks are only growing more sophisticated and malicious. Despite the state having implemented laws and Senate bills that aim for more robust cybersecurity within the Texas government and among Texas businesses, there are still breaches occurring daily because of ransomware. Prioritizing cybersecurity on an organizational level is imperative for every Texas business.
The right course of action, according to Texas governor Greg Abbott, is for Texas organizations to understand the extent of cyber-hygiene it takes to protect their systems and obtain professional cybersecurity services from a trusted Managed Service Provider to ensure your systems meet that level of hygiene and compliance. It’s no longer enough to address IT only as it presents visible issues; IT needs to be proactively protected against threats seeking access to private information.