2020-09-29 TYLER TECHNOLOGIES INC Cybersecurity Incident

Page last updated on April 11, 2024

TYLER TECHNOLOGIES INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-09-29 17:13:56 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2020-09-23
Disclosure Date: 2020-09-29
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2020-09-29

TYLER TECHNOLOGIES INC filed an 8-K at 2020-09-29 17:13:56 EDT
Accession Number: 0000860731-20-000028

Item 8.01 Other Events.

Disclosure of Security Incident

The Company has notified its clients of a security incident involving unauthorized access to its internal telephone and information technology systems by an unknown third party. On September 23, 2020, the Company became aware that an unauthorized intruder had disrupted access to some of the Company’s internal systems. That same day, the Company (1) shut down points of access to external systems and immediately began investigating and remediating the problem; (2) engaged outside IT security and forensics experts to conduct a detailed review and help securely restore affected systems; (3) implemented targeted monitoring systems to supplement the systems the Company already had in place; and (4) notified law enforcement. The Company is cooperating with their investigation.

The Company has confirmed that the malicious software the intruder used was ransomware. Because this is an active investigation, the Company is not providing additional specifics relating to the ransomware at this time. The Company is providing approved updates in client communications and on its corporate website, tylertech.com.

Based on the evidence available to date, all indications are that this incident was directed at the Company’s internal corporate network and telephone systems. The environment where the Company hosts software for its clients is separate and segregated from its internal corporate environment. The Company has detected no compromises in client systems that the Company hosts. The Company did notify clients of suspicious logins reported at two Company client sites, and opened channels for clients to advise of suspicious logins on their networks. Of the limited number of reports received, the Company has no evidence of malicious activity on client systems to date and continues to analyze and work closely with clients.

There have been media reports speculating on a possible connection between this incident and upcoming elections. The Company does not make or provide election software. The Socrata open data platform is a Company product used to provide dashboards that display aggregated data from other sources. It is the only Company product that has any relation to election data and none of the Company’s products support voting or election systems or store individual voting records. Users of the Company’s Socrata open data solution may use the platform to post aggregated election results, to promote transparency around campaign finance, or to post information on polling dates and locations. Very few Company clients enlist the application for this use.

The Socrata product is a SaaS data platform that is hosted offsite on AWS (Amazon Web Services), not on the Company’s internal network that was impacted. The Company has never had a report that a bad actor has used its Socrata platform to display incorrect or misleading election results, polling locations, campaign finance information, or other civic data.

The Company is in the early stages of assessing this incident, and the attack has caused and may continue to cause an interruption in parts of its business. Such interruption may result in a loss of revenue and incremental costs that may adversely impact the Company’s financial results. The Company maintains cybersecurity insurance coverage in an amount that the Company believes is adequate. In addition to the other information set forth in this report, one should carefully consider the discussion of the risks and uncertainties cyber-attacks and security vulnerabilities contained in Part I, “Item 1A. Risk Factors” in our 2019 Annual Report on Form 10-K.

Company Information

SIC DescriptionServices-Prepackaged Software
TickerTYL - NYSE
CategoryLarge accelerated filer
Fiscal Year EndDecember 30