By Joseph Menn
SAN FRANCISCO (Reuters) – Tyler Technologies <TYL.N>, whose products are used by U.S. states and counties to share election data, said on Wednesday that an unknown party had hacked its internal systems.
Tyler, whose platforms are used by elections officials to display voting results, among other tasks, confirmed the breach in an email to Reuters after warning clients in an email earlier in the day.
Tyler Technologies said in both emails it did not believe clients’ software had been breached.
The company, a major provider of emergency management and other programs to U.S. counties and municipalities, told Reuters in its email that it was working to restore its systems and had notified law enforcement. The company did not say whether there had been a ransomware demand or how it had learned of the breach, and it did not respond to questions.
The FBI and the U.S. Department of Homeland Security warned this week that foreign hackers might attempt to access and alter websites reporting election results. Neither responded to requests for comment after East Coast working hours.
In the email to customers, Tyler said there had been a “security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party.”
The email did not say what internal systems were breached.
“We currently have no reason to believe that any client data, client servers, or hosted systems were affected,” it said.
Although election results and their reporting are a major concern for security officials, a financially motivated attack could wreak havoc as well if it spread to Tyler’s customers.
Mike Hamilton, chief information security officer at CI Security, said counties should immediately reset the passwords they use to log into Tyler’s systems. Tyler can log in remotely to some software it sells, and so it is safest to assume that the hackers could do so as well, said Hamilton, who is a former chief information security officer for the city of Seattle.
Since the breach at Tyler may have happened some time ago, it is possible that any stored passwords might have already been taken and used, Hamilton said.
(Reporting by Joseph Menn; Additional reporting by Raphael Satter; Editing by Stephen Coates and Leslie Adler)