Updated September 26, 2020, 12:30 a.m. CT
Tyler Technologies is in the process of responding to a security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party. We are treating this matter with the highest priority and working with independent IT experts to conduct a thorough investigation and response.
Early in the morning on Wednesday, September 23, 2020, we became aware that an unauthorized intruder had disrupted access to some of our internal systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. That same morning, we engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We have implemented targeted monitoring to supplement the monitoring systems we already had in place, and we have notified law enforcement.
We have confirmed that the malicious software the intruder used was ransomware. Because this is an active investigation, we will not provide any additional specifics relating to our incident response or our investigation at this time.
Scope of Outage and Client Impact
Based on the evidence available to-date, all indications are that the impact of this incident was directed at our internal corporate network and phone systems. The environment where we host software for our clients is separate and segregated from our internal corporate environment. This includes our disaster recovery services.
Steps We Are Taking
We have activated targeted monitoring to supplement the monitoring services we already had in place, and we have detected no compromises in client systems that Tyler hosts. We are committed to completing a full forensics investigation and taking all appropriate actions in response to our findings.
Steps Our Clients Should Take
Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented. If clients haven't already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable.
If your agency identifies any suspicious logins identified with Tyler user accounts, please notify us immediately at Security@tylertech.com.
Tyler clients can continue to log support incidents using the link to the online support portal on this page. If you need assistance specifically with a password reset, you can contact us through that support portal or email us at firstname.lastname@example.org.
Information and Updates
We will be posting updates on www.tylertech.com as our response continues. Please check here first for verified information. Our internal teams are doing their best to keep up with inquiries, but our website updates will represent the best source of current information we can provide at scale.