Item 8.01 Other Events
Disclosure of Security Incident
The Company has notified its clients of a security incident involving
unauthorized access to its internal telephone and information technology systems
by an unknown third party. On September 23, 2020, the Company became aware that
an unauthorized intruder had disrupted access to some of the Company's internal
systems. That same day, the Company (1) shut down points of access to external
systems and immediately began investigating and remediating the problem; (2)
engaged outside IT security and forensics experts to conduct a detailed review
and help securely restore affected systems; (3) implemented targeted monitoring
systems to supplement the systems the Company already had in place; and (4)
notified law enforcement. The Company is cooperating with their investigation.
The Company has confirmed that the malicious software the intruder used was
ransomware. Because this is an active investigation, the Company is not
providing additional specifics relating to the ransomware at this time. The
Company is providing approved updates in client communications and on its
corporate website, tylertech.com.
Based on the evidence available to date, all indications are that this incident
was directed at the Company's internal corporate network and telephone systems.
The environment where the Company hosts software for its clients is separate and
segregated from its internal corporate environment. The Company has detected no
compromises in client systems that the Company hosts. The Company did notify
clients of suspicious logins reported at two Company client sites, and opened
channels for clients to advise of suspicious logins on their networks. Of the
limited number of reports received, the Company has no evidence of malicious
activity on client systems to date and continues to analyze and work closely
There have been media reports speculating on a possible connection between this
incident and upcoming elections. The Company does not make or provide election
software. The Socrata open data platform is a Company product used to provide
dashboards that display aggregated data from other sources. It is the only
Company product that has any relation to election data and none of the Company's
products support voting or election systems or store individual voting records.
Users of the Company's Socrata open data solution may use the platform to post
aggregated election results, to promote transparency around campaign finance, or
to post information on polling dates and locations. Very few Company clients
enlist the application for this use.
The Socrata product is a SaaS data platform that is hosted offsite on AWS
(Amazon Web Services), not on the Company's internal network that was impacted.
The Company has never had a report that a bad actor has used its Socrata
platform to display incorrect or misleading election results, polling locations,
campaign finance information, or other civic data.
The Company is in the early stages of assessing this incident, and the attack
has caused and may continue to cause an interruption in parts of its business.
Such interruption may result in a loss of revenue and incremental costs that may
adversely impact the Company's financial results. The Company maintains
cybersecurity insurance coverage in an amount that the Company believes is
adequate. In addition to the other information set forth in this report, one
should carefully consider the discussion of the risks and uncertainties
cyber-attacks and security vulnerabilities contained in Part I, "Item 1A. Risk
Factors" in our 2019 Annual Report on Form 10-K.
© Edgar Online, source Glimpses