Connect with us

Hi, what are you looking for?


Data Breaches

Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor

The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies.

The LockBit ransomware gang has leaked 1Gb of data allegedly stolen from the District of Columbia’s Department of Insurance, Securities and Banking (DISB).

The group claims to be in the possession of 800Gb of data pertaining to DISB, the US Securities and Exchange Commission (SEC), Delaware banking institutions, and other financial entities, and threatens to release it unless DISB pays a ransom.

The data appears to have been stolen from DISB’s STAR system client in late March, during a cyberattack on Tyler Technologies, a software and services provider for the public sector.

In separate incident notices, Tyler and DISB revealed that the attack involved unauthorized access to a cloud environment hosting DISB’s STAR system client data.

The system was immediately taken offline and, while file-encrypting ransomware was deployed on the compromised system, Tyler has been working on restoring the environment and associated data using available backups.

In an April 19 update, Tyler confirmed that information allegedly stolen from the STAR system was leaked online, but said it has yet to determine the full scope of the data breach.

Potentially compromised information, the contractor said, may include names, dates of birth, Social Security numbers, driver’s license numbers, and other information.

“We have confirmed evidence that the threat actor acquired information from the system. We are working with third-party cybersecurity forensic experts to identify the full impact. As of April 18, the threat actor published information they claim was acquired from the STAR system,” the company said.

Advertisement. Scroll to continue reading.

Tyler also noted that it has yet to identify individuals whose personally identifiable information (PII) might have been stolen in the attack and that it would start notifying them once the identification process is completed.

The attack, Tyler pointed out, was unrelated to a 2020 ransomware attack that impacted its internal corporate network and phone systems and forced it to shut down various systems, including its website.

The Texas-based Tyler Technologies provides property tax lifecycle management solutions, civic services solutions, a secure system for accessing official records, regulatory solutions, and integrated corrections, case management, and public safety solutions.

Related: Cannes Hospital Cancels Medical Procedures Following Cyberattack

Related: Watch Now: Ransomware Resilience & Recovery Summit Sessions Now on Demand

Related: LockBit Ransomware Gang Resurfaces With New Leak Site

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.