An attorney representing the Tarrant Appraisal District says the agency received a ransom demand for $700,000 from a group of hackers taking responsibility for last week's attack on their computer network.
The ransom demand was revealed during an emergency board meeting on Monday afternoon about the "criminal ransomware attack" that took down the agency's network on March 21.
"We’re here because evil exists in this world, it exists around the blocks, and it came into this building this past Thursday," said Vince Puente, chair of the TAD Board of Directors.
The hackers have not identified themselves, but the TAD suspects it was a group known as Medusa.
Get top local stories in DFW delivered to you every morning. Sign up for NBC DFW's News Headlines newsletter.
The TAD said in a statement Friday that after learning of the network disruption they took steps to secure their network and worked with cybersecurity experts to determine the cause of a network disruption and how to restore services. That investigation, the agency said Friday, revealed the ransomware attack.
The Tarrant Appraisal District assigns property values for ad valorem taxation purposes for jurisdictions throughout Tarrant County and its website is routinely used by property owners and real estate agents.
"Our investigation has confirmed that the Tarrant Appraisal District has been the victim of a criminal ransomware attack," the agency said in a statement Friday afternoon. "We have reported this incident to the Federal Bureau of Investigation and the Texas Department of Information Resources and will cooperate with any resulting investigation."
Local
The latest news from around North Texas.
"At this time we are unaware of whether any data has been compromised, we are reviewing that and that is a primary objective of our investigation and we’ll provide updates as soon as we know," said Lindsay Nickle, an attorney for TAD.
If the ransom is not paid, the hackers have said they'll release personal information. On Monday, the TAD said they “can not confirm” whether taxpayer info was compromised in the attack, but said they’re investigating around the clock.
This has been the latest cybersecurity breach in the Tarrant Appraisal District, which also reported attacks in 2022 and December 2023.
Tarrant County Judge Tim O’Hare shared his frustration in a post on the platform X, formerly known as Twitter.
"With a new board and a new Chief Appraiser, I'm hopeful they will get this situation fixed, as well as the other problems caused by the previous regime at TAD,” O'Hare wrote.
Some in the community told NBC5 that in recent years, they believe TAD hasn’t done enough to protect taxpayer data.
"There’s been previous intrusions of bad actors," said Daniel Bennett. "And the previous administration would just put them underneath the carpet and move on."
As of Monday afternoon, the TAD's website is up though users still cannot search the database and retrieve account information. TAD operations are being brought back online by priority, but it's unclear when all systems will be fully up and running.
During its emergency meeting on Monday afternoon the board voted to spend up to $235,000 on software programs Office 365 and SentinelOne, as well as an outside cybersecurity consultant.
Leaders said the move would help them recover from the breach, but there was still more work to be done.
"We know there are a lot of other issues we need to address in the future to really get us where we need to be, but these are what we deemed as being the immediate needs to move us in the right direction," said Joe Don Bobbitt, a TAD board member.
TAD leaders said over the past few days they’ve been bringing their systems back online. Officials told NBC 5 there has been no decision made on whether to pay the ransom, and they’re still considering all their options.