Last Friday, a group of hackers published an ominous post online — they were selling confidential data stolen from the Houston Housing Authority.
The information technology team for the public agency, which provides affordable housing to low-income residents, went into overdrive, speaking with board chair Jody Proler late into the evening over the course of several days about how to address the problem.
The board quickly called a special meeting and on Wednesday approved a resolution for a $311,000 purchase of network security and software. Now, according to the authority’s IT team, desktop servers cannot be accessed without an extra layer of security using two-factor authentication.
Officials said that the hackers’ threat to sell Houston Housing Authority data was related to a Sept. 21* ransomware attack that encrypted the agency’s virtual servers. The agency restored the server and was able to resume business by Sept. 24.
“At that time, we did not think there was any data theft because the firewall had shut down during the ransomware attack,” said Roy Spivey, director of information technology for the housing authority, in a presentation to the board.
But on Oct. 24, the housing authority received a call from the U.S. Department of Homeland Security saying that it had “credible information” that one of the authority’s computers was infected with ransomware malware, according to a housing authority memo.
A week later, hackers posted about selling the housing authority’s data.
Spivey said the housing authority has learned that 38 gigabytes of data have been stolen. He said that was 0.17 percent of the total data stored on the housing authority’s data. However, the housing authority does not know what information was compromised.
“We strongly believe that they were not able to steal our Elite database, which holds all our residents’ data,” Spivey said.
The housing authority plans to inform all staff, residents and vendors of the breach.
The security upgrades will improve the firewall, make it easier to recover encrypted files and allow better monitoring of computers.
*Editor's note: This date conflicts with the housing authority's original statement that the attack happened on Sept. 22. Official materials from the authority indicate both dates.
(c)2024 the Houston Chronicle. Distributed by Tribune Content Agency, LLC.
Houston Housing Authority Votes to Upgrade Security After Hack
The move comes after hackers advertised a sale of stolen information from the authority online — despite the organization initially believing its technology had prevented any data theft.
