SiegedSec hacks city of Fort Worth — what to know


For businesses of all shapes and sizes, the security of your digital infrastructure is increasingly a critical priority. The recent cyberattack on the city of Fort Worth, carried out by the hacktivist group SiegedSec, underscores the pressing need for businesses to redouble their cybersecurity measures.

So, what do we know about the attack, what can we learn from it, and how do we prevent it from happening to you?

What happened?

Fort Worth officials said hackers gained access to a city website that facilitates maintenance orders for several city departments. SiegedSec allegedly downloaded file attachments to various work orders within the system, including things “like photographs, spreadsheets, invoices for work performed, emails between staff, PDF documents and other related materials for work orders,” city officials said.

Officials continued, saying the “ information is not sensitive in nature and “by and large” what officials would release in a public records request.”

As of last weekend, officials said they neither believe any other systems were accessed nor did they have any other evidence of sensitive data — such as social security numbers, credit card or banking information— had been accessed or released.

Whos is SiegedSec and what do they want?

According to the Dallas Morning News:

In a June 2022 post, the firm said the group appears motivated “by the sheer fun of the experience, the potential clout gained by publicly mocking organizations with insufficient information security controls.”

Last year, the group said it leaked 8 gigabytes of data from state governments in Arkansas and Kentucky in protest against the state’s efforts to enact abortion bans following the Supreme Court ruling in a case which overturned Roe v. Wade. In February, the group leaked data on Telegram that it claimed to have stolen from Australian software giant Atlassian, according to reporting from TechCrunch.

In the post to the city of Fort Worth, the group said it is targeting Texas because of the state’s stance on gender-affirming care. Earlier this month, Gov. Greg Abbott signed Senate Bill 14, banning such medical care for minors.

So, what does this mean for your business?

The Fort Worth cyber attack, like many before it, could have been significantly mitigated, if not outright prevented, through proactive measures (namely, beefed up multifactor authentication). Businesses must implement a robust cybersecurity infrastructure that includes data encryption, firewalls, antivirus software, and monitoring tools.

SiegedSec gained/used compromised login credentials to hack Fort Worth. Protecting your employees’ login information with multifactor authentication (MFA) is a simple, yet effective, strategy to significantly reduce your company’s vulnerability to cyber threats. MFA requires additional verification methods in conjunction with the usual username-password pair, making unauthorized access much more challenging for threat vectors.

Education and Training: Your First Line of Defense

Invest in cybersecurity training for your employees. The Fort Worth attack demonstrated the potential harm from unknowingly compromised credentials. And it’s often your employees who accidentally provide the opening for hackers to jump through. Regularly updating your staff on the latest cybersecurity threats and best practices is integral to creating a security-conscious culture.

Prepare for the Inevitable

While fortification is crucial, businesses should also establish a robust disaster recovery plan. Cyber attacks, despite your best preventive measures, can still occur. Having a plan in place can minimize damage, ensure business continuity, and expedite recovery.

Turn to Managed IT Services

Devising and maintaining a comprehensive cybersecurity infrastructure can be overwhelming. Partnering with a managed IT services provider offers a streamlined solution that handles your cybersecurity needs, freeing you to focus on what matters most — your business.

Leverage offers state-of-the-art managed IT services tailored to your unique business requirements. Our team of experts continually monitor and update your security measures, ensuring you remain one step ahead of cyber threats. Moreover, we provide staff training and guidance, fostering a security-conscious environment within your organization.

The SiegedSec attack on Fort Worth is not an isolated incident. Threat actors are constantly evolving and innovating, targeting businesses of all sizes. Prioritizing cybersecurity is no longer a choice but rather a necessity in our digital age.

Don’t wait for an incident like the Fort Worth attack to happen to you. Drop us a line so we can work together to build a resilient cybersecurity infrastructure that protects your business today and prepares it for the challenges of tomorrow.