Tyler Technologies
The largest provider of software to local governments exposed data from courts, schools, and municipal agencies.
What happened?
Tyler Technologies, which provides software to more than 40,000 government locations including courts, schools, and municipal agencies, disclosed a data breach affecting client systems. As the dominant provider of local government technology, the breach cascaded across public sector organizations that depend on Tyler's platforms for citizen services.
What data was actually inside?
Government software holds some of the most comprehensive data about citizens: court records, tax information, property records, permit applications, school enrollment, and payment histories. Tyler's systems touch virtually every interaction citizens have with local government.
Court data is particularly sensitive—criminal records, civil cases, family court proceedings, and juvenile records that should be protected.
Who gets hurt and how?
Citizens in every community using Tyler's systems. People who paid taxes, filed permits, appeared in court, or enrolled children in school—all through Tyler-powered systems. Government data is comprehensive and spans entire lifetimes.
Court records exposure can affect employment, housing, and personal relationships. Tax records enable financial fraud. School records identify children and their addresses.
What did they think they were doing right?
Tyler Technologies is the leader in government software, publicly traded, and serving over 15,000 government clients. They have security programs, compliance certifications, and work with agencies that have strict security requirements. Government contracts often mandate specific security controls.
Being a government vendor comes with expectations. Those expectations weren't met.
What did they not know about their own data?
Tyler didn't know the full scope of citizen data accessible through their systems. Government software spans decades of implementation—legacy systems, migrations, integrations, and data accumulated over years of civic life. Each agency adds complexity.
When you're the vendor for courts, schools, and tax offices, you hold data about everyone who has interacted with government. Tyler learned what they held when attackers explored it.
What does attribution look like the morning after?
Notifications to government clients who must then determine their own exposure. Courts discovering case data was accessed. School districts alerting parents. Tax offices warning about financial data. Each agency faces their own notification burden—even though they trusted Tyler to secure the data.
Government breaches become political. Elected officials answer questions. Budgets for Tyler contracts get scrutinized.
What would have changed the outcome?
Knowing what citizen data exists across all government systems.
If Tyler had mapped the citizen data flowing through their platforms—court records, tax data, school records—they could have prioritized protection based on sensitivity. Government data includes the most sensitive information about people's lives: criminal records, family situations, financial circumstances. That data deserves the highest protection.
Don't Learn What You Have From an Attacker
Tyler didn't know what government data was at risk until the breach revealed it. Risk Finder shows you first.
Start Your Risk Assessment