Tyler Technologies is in the process of responding to a security incident and our corporate website is not fully functional.
Please see below for the latest updates.

Information on Tyler's Security Incident Response

Updated September 26, 2020, 12:30 a.m. CT

Overview: Tyler Internal Systems Outage

Tyler Technologies is in the process of responding to a security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party. We are treating this matter with the highest priority and working with independent IT experts to conduct a thorough investigation and response.

Early in the morning on Wednesday, September 23, 2020, we became aware that an unauthorized intruder had disrupted access to some of our internal systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. That same morning, we engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We have implemented targeted monitoring to supplement the monitoring systems we already had in place, and we have notified law enforcement.

We have confirmed that the malicious software the intruder used was ransomware. Because this is an active investigation, we will not provide any additional specifics relating to our incident response or our investigation at this time.

Scope of Outage and Client Impact

Based on the evidence available to-date, all indications are that the impact of this incident was directed at our internal corporate network and phone systems. The environment where we host software for our clients is separate and segregated from our internal corporate environment.

Steps We Are Taking

We have activated targeted monitoring to supplement the monitoring services we already had in place, and we have detected no compromises in client systems that Tyler hosts. We are committed to completing a full forensics investigation and taking all appropriate actions in response to our findings.

Steps Our Clients Should Take

Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented. If clients haven't already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable.

If your agency identifies any suspicious logins identified with Tyler user accounts, please notify us immediately at Security@tylertech.com.

Tyler clients can continue to log support incidents using the link to the online support portal on this page. If you need assistance specifically with a password reset, you can contact us through that support portal or email us at accthelp@tylertech.com.

Information and Updates

We will be posting updates on www.tylertech.com as our response continues. Please check here first for verified information. Our internal teams are doing their best to keep up with inquiries, but our website updates will represent the best source of current information we can provide at scale.

Questions and Clarifications

Updated September 30, 2020, 4:14 p.m. CT

Tyler does not make election software. The Socrata open data platform is a Tyler product used to provide dashboards that display aggregated data from other sources. It is the only Tyler product that has any relation to election data and none of our Socrata data products support voting or election systems or store individual voting records. Users of our Socrata open data solution may use the platform to post election results, to promote transparency around campaign finance, or to post information on polling dates and locations. Very few Tyler clients enlist the application for this use.

Tyler's Socrata product is a SaaS data platform that is hosted offsite on AWS (Amazon Web Services), not on Tyler's internal network that was impacted. We have never had a report that a bad actor has used our Socrata platform to display incorrect or misleading election results, polling locations, campaign finance information, or other civic data.

After notifying clients of suspicious logins at two Tyler client sites early Saturday morning, September 26, we opened channels for clients to advise of suspicious logins on their networks. Of the limited number of reports received, we have no evidence of malicious activity on client systems to date, and we continue to analyze and work closely with clients. Please see this page for “Steps Our Clients Should Take” if you have specific concerns.

Software companies have many approved options for remote support connections. One used by Tyler, for example, is BeyondTrust, previously known as Bomgar, to provide secure, remote access to client environments. Clients have control of how, when, or if Tyler Support connects via BeyondTrust. Tyler does not automatically download BeyondTrust without a client’s knowledge, nor is Tyler aware of any unusual activity related to BeyondTrust.

For clients and business partners, we are restoring the phone systems as quickly as possible. Reception and office phone lines are fully operational in our Troy, Michigan, and Yarmouth, Maine, office. We expect to provide updates about other locations soon. For other inquiries:

Addressing this incident is Tyler's highest priority. We are deploying every resource at our disposal, both internal and external, to take whatever steps are needed to return to business as usual. We are committed to doing that in a responsible, deliberate way, and we are laser-focused on those efforts. We value our partnerships with our client community, which we notified on the same business day that we ourselves learned of the incident. We will provide additional facts as they are confirmed, bearing in mind that this is still an active investigation that we must manage safely and securely. Please continue to check back here for updates as they are available.

We have confirmed that the malicious software used to disrupt our internal corporate network was ransomware. Given the sensitivities around the incident and our investigation of it, and our active cooperation with law enforcement, we are not at liberty to disclose additional details at this time.

We understand many people would like additional details regarding the incident we experienced. We sympathize with that interest; however, we are guided by standard incident response protocols and are committed to addressing this incident in a secure and responsible way. That includes sharing information when it is validated and safe to do.

Tyler has been in contact with the FBI, and we are cooperating with them.

Based on all of the evidence gathered to date through our around-the-clock response efforts, all information available to us continues to indicate that this incident was directed at Tyler's internal corporate environment and not the separate environment where we host client systems. We have disconnected points of access between Tyler's internal systems and our client systems to further protect our clients. We have also enabled targeted monitoring of our corporate and hosted environments to supplement the monitoring we already had in place.

We have no reason to believe our financial, payroll or human resource information systems have been impacted. Tyler uses our Munis software — the same software used by many of our clients — for our internal financial management, as well as our payroll and HRIS functions. Munis is hosted outside of Tyler's corporate network, in the same environment where we host client systems. All evidence continues to indicate that this incident was directed at Tyler's internal corporate environment and not the hosted environment.

Based on all of the evidence gathered to date through our around-the-clock response efforts, all information available to us continues to indicate that this incident was directed at Tyler's internal corporate environment and not the separate environment where we host client systems. In addition, our Socrata platform is hosted offsite on AWS (Amazon Web Services), and our Tyler Federal (Entellitrak, Versa, CAVU, ACO, GA Courts, and DCM clients) and Tyler Detect cybersecurity platforms are maintained in entirely separate environments. There is no evidence of any impact on those environments whatsoever.

Tyler's Online Services and Support teams have reviewed all the logs, monitoring, traffic reports, volume reports, and cases related to utility and court payments. There were no outages with any of our online payment systems and payment activity has functioned normally during this time.