City of Fort Worth in Texas acknowledges hacker group's claims of stealing 180 GB of government data

A group of threat actors has claimed that it stole about 180 gigabytes of data from the city of Fort Worth in Texas.

A group of threat actors going by the name SiegedSec last week listed the city of Fort Worth as a victim on its Telegram channel and said that it stole “roughly 500k” files from the city’s systems.

“We easily hijacked their administrator account. The files leaked include: Work orders, employee lists, invoices, police reports, emails between employees/contractors, internal documents, camera footage, and lots, lots, lots more! The total size of this data leak is around 180GB,” the group posted.

“We have uploaded this leak in 10 different links, each containing 20GB of government files (except the last one). If any links go down, we assure we’ll have it up again very soon.”

Fort Worth’s IT Solutions Director Kevin Gunn acknowledged the cyber security incident, stating in a press conference that the Texas Department of Information Resources’ Computer Incident Response Team notified the city about the threat actors’ post.

He said the city immediately launched an investigation but found “no indication that there has been sensitive information related to either residents or businesses or employees that have been released as a part of this incident.”

“The city of Fort Worth has confirmed that the posted information did originate from our computer systems. However, that data came from a website that our workers use to manage their maintenance activities and not from the city’s public-facing intranet website.

“It appears the hackers downloaded file attachments to work orders within the system and those attachments include things like photographs, spreadsheets, invoices for work performed, emails between staff, PDF documents, and other related materials for work orders,” Gunn added.

According to Gunn, the data leaked by the threat actors weren’t sensitive in nature and most of the data would be released through a Public Information Act request. Gunn added that preliminary investigation revealed that the group stole login credentials but the city is yet to identify how the group got its hands on the credentials.

To mitigate the impact of the incident, the city disconnected the affected systems from the Internet and urged all users to reset their passwords. It has also reported the incident to both federal and local law enforcement agencies who are investigating the incident.