We have confirmed that the malicious software used to disrupt our internal corporate network was ransomware. Given the sensitivities around the incident and the involvement of law enforcement in the investigation of it, we are not at liberty to disclose additional details at this time.

Our investigation has indicated that this incident was solely directed at Tyler's internal corporate environment and not the separate environment where we host client systems, which includes Tyler Disaster Recovery services.

We have no reason to believe our financial, payroll, or human resource information systems were impacted. The Tyler software we use for our internal financial management, as well as our payroll and HRIS functions, is hosted outside of Tyler's corporate network, in the same environment where we host client systems. Our investigation has indicated that this incident was solely directed at Tyler's internal corporate environment and not the hosted environment.

Tyler does not make election software. The Socrata open data platform is a Tyler product used to provide dashboards that display aggregated data from other sources. It is the only Tyler product that has any relation to election data and none of our Socrata data products support voting or election systems or store individual voting records. Users of our Socrata open data solution may use the platform to post election results, to promote transparency around campaign finance, or to post information on polling dates and locations. Very few Tyler clients enlist the application for this use.

Tyler's Socrata product is a SaaS data platform that is hosted offsite on AWS (Amazon Web Services), not on Tyler's internal network that was impacted. We have never had a report that a bad actor has used our Socrata platform to display incorrect or misleading election results, polling locations, campaign finance information, or other civic data.

After notifying clients of suspicious logins at two Tyler client sites on September 26, 2020, we opened channels for clients to advise of suspicious logins on their networks. Of the limited number of reports received, we have no evidence of malicious activity on client systems to date. Please see this page for “Support for Tyler Clients” if you have specific concerns.

The security of our Office 365 environment has been examined and verified by Microsoft. We have confirmed the safety of our email as well as SharePoint, Word, Excel, and other files generated in our Office 365 environment. Based on Microsoft’s analysis and our own findings, we consider Microsoft Outlook to be a secure method of email communication, both internally with our employees and externally with our clients.

Software companies have many approved options for remote support connections. One used by Tyler, for example, is BeyondTrust, previously known as Bomgar, to provide secure, remote access to client environments. Clients have control of how, when, or if Tyler Support connects via BeyondTrust. Tyler does not automatically download BeyondTrust without a client’s knowledge, nor is Tyler aware of any unusual activity related to BeyondTrust.

As a rule, Tyler will never ask for your login credentials over email. If you receive a suspicious email, do not open any attachments, click on any links, or reply to the sender. We recommend you follow the directions from your local IT department regarding how to report a suspicious email to validate its authenticity. If you opened an attachment or clicked on a link within a suspicious email, we recommend that you immediately report the incident to your local IT department and follow their instructions.

If you would like to report a suspicious email that you believe originated from a Tyler team member, you can email security@tylertech.com. Please do not forward the suspicious email itself, unless otherwise advised by Tyler. Simply provide the date of the email, the name and email address the email came from, the email subject line, and a general description of the content of the email.

Phishing attempts and social engineering are an ongoing issue for businesses of all kinds. Emails may appear to come from contacts whose names and/or domains you recognize, and inquiries that appear benign, including phone calls from unverified contacts, may be attempts to gather information related to information security. Detailed guidance is available on the FTC website.

No, Tyler has not directed third parties to contact our clients; nor have we provided names or contact information about our client base. Our investigation continues to confirm that the impact of this incident was directed at our internal corporate network and phone system.

We understand many people would like additional details regarding the incident we experienced. We sympathize with that interest; however, we are guided by standard incident response protocols and are committed to addressing this incident in a secure and responsible way. That includes sharing information when it is validated and safe to do.

Phone systems in all office locations are now fully operational. For other inquiries:

• Support: Use the online support portal
• Media: Email media.team@tylertech.com
• General Security Topics and Inquiries: Email info@tylertech.com and your question will be routed to the appropriate contact.