IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hackers Publish Tarrant Appraisal District Data

Ransomed information has made it to the dark web, where hacking group Medusa published TAD documents including tax exemption applications and employee information.

A hand on a computer mouse surrounded by vertical lines of code in light blue and orange. Black background.
Medusa, the hacking group responsible for the ransomware attack on the Tarrant Appraisal District, has published data on the dark web it obtained from the attack, TAD said Tuesday.

“TAD is aware that the criminal group Medusa has illegally posted files they claimed to have obtained from the TAD network,” Chief Appraiser Joe Don Bobbitt said in a statement in response to questions from the Fort Worth Star-Telegram. “While TAD limits the collection of sensitive data in majority of circumstances, we worked closely with leading cybersecurity experts to carefully review the affected data, and all individuals.”

Bobbitt said the 300 individuals whose information has been compromised have been notified via mail.

Content on the dark web is not accessible by search engines and requires a special browser.

Documents published by Medusa, some of which have been reviewed by the Star-Telegram, show tax exemption applications and employee files. Some tax exemption forms require a driver’s license, Social Security or Federal Tax ID number. Homestead exemption forms ask for a copy of the owner’s driver’s license.

Bhavani Thuraisingham, a professor of computer science with a specialty in cybersecurity at UT Dallas, said Social Security numbers and driver’s licenses are the most damaging information that can be exposed online.

Medusa said it had obtained and published 217 gigabytes of data from the appraisal district. Medusa set a ransom of $700,000. The appraisal district did not respond to a question about whether it negotiated with the group. On April 8, Medusa’s blog listed the appraisal district’s ransom at $100,000 and displayed a timer counting down to a deadline.

“TAD’s IT team is continuing to work with cybersecurity experts to monitor the status of Medusa’s leak site, and additional updates will be provided if there are any further developments,” Bobbitt said.

©2024 Fort Worth Star-Telegram. Visit star-telegram.com. Distributed by Tribune Content Agency, LLC.