A hack into the phones and computers of the vendor that handles the Maine Judicial Branch’s computers and Maine eCourts website has forced the delay of a system expansion planned for the Bangor courts on Oct. 5.
Tyler Technologies, a Texas-based S&P 500 company with three locations in Maine, discovered the breach Wednesday morning, according to an email sent to customers. The company acknowledged Friday it had been hit by a ransomware attack but provided no further details. The company’s investigation of the hack is continuing, according to the company’s website and a judicial branch statement issued on Friday.
Tyler provides software services for everything from election results reporting in many states to jail and court management systems to payroll, human resources, tax and bill collection and land records. Federal officials have warned that election results reporting systems could be attractive targets for hackers seeking to interfere in the Nov. 3 presidential election.
The company landed a 10-year, $17 million contract to design Maine’s electronic court system in 2016, parts of which have since been rolled out. Their expansion of the eCourts system, which handles traffic matters, will allow remote public access to most civil cases and family matters in Bangor District Court and Penobscot County Superior Court of Bangor. It will be delayed until system security is assured. No date has been set, officials said.
The city of Portland uses the company’s products to run several of its government functions hosted on the city’s own systems, including payroll and financials, and has a contract with Tyler to do property assessments. The breach did not affect Portland systems, a city spokesperson said Friday.
Targeted ransomware attacks that could hamper voting systems are seen as a serious threat to the November election, federal authorities say. Ransomware attacks targeting state and local governments have been on the rise, with cyber criminals seeking money by seizing data and holding it hostage until paid. The fear is that such attacks could affect voting systems directly or indirectly, by infecting broader government networks that include electoral databases.
Even if a ransomware attack fails to disrupt elections, it could nonetheless rattle confidence in the vote. On the spectrum of threats from the fantastical to the more probable, experts and officials say ransomware is a particularly realistic possibility because the attacks are already so pervasive and lucrative. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks.
“From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” Adam Hickey, a Justice Department deputy assistant attorney general, said in an interview.
The number of attacks has escalated in recent years, with targets including Texas’ transportation agency and city computers in New Orleans. A December report by cybersecurity firm Emsisoft tracked attacks against at least 966 entities that interrupted 911 services, rendered medical records inaccessible and hindered police background checks.
In states that rely heavily on in-person voting and use electronic systems to check in voters, a well-timed attack particularly during early voting could prevent officials from immediately verifying a voter’s eligibility, making paper backups critical.
For states conducting elections entirely by mail, including Colorado, an attack near Election Day may have little effect on voting because ballots are sent early to all voters, with few votes cast in-person. But it could disrupt vote-tallying, forcing officials to process ballots by hand.
In many states, local officials will face an influx of new ballot requests. That means they’ll need constant access to voter data as they handle these requests. An attack could cause major disruptions.
A February advisory issued by the FBI and obtained by The Associated Press recommends local governments separate election-related systems from county and state systems to ensure they aren’t affected in an unrelated attack.
Story by Frank Bajak, Eric Tucker and Christina A. Cassidy. BDN writers Caitlin Andrews and Nick Sambides Jr. and Associated Press writer Jake Bleiberg contributed to this report.