Fort Bend County library director says patrons' sensitive information wasn't stolen
RICHMOND, Texas (KTRK) -- In the Fort Bend County library director's latest cyber incident update, he stated that patrons' sensitive data wasn't compromised; however, new emails obtained by 13 Investigates suggest that this may not be the case for everyone.
LIBRARY DIRECTOR ACKNOWLEDGES IT WAS A CYBERSECURITY ATTACK
In March, Fort Bend County Library Director Roosevelt Weeks said a cyber incident in February impacted the network. He didn't provide any other details about what happened.
13 Investigates requested the messages tied to the incident. The county requested that the attorney general's office block our request.
The AG's office sided with us. In June, 13 Investigates received nearly 3,000 emails.
In them, county leaders said this was the biggest cyber incident in the county's history. Reports in the messages show the library was hit by a massive ransomware attack with a note left in the system that the IT director said compromised everything.
After our reporting, the library director is now calling this a cybersecurity attack. Although, he's still not providing details about exactly what happened.
DIRECTOR SAID PATRONS' SENSITIVE DATA NOT STOLEN, BUT EXPERTS STILL URGE CAUTION
Following the attack, ABC13 talked to San Jacinto College's cybersecurity senior director Rizwan Virani. He told Eyewitness News that it was important for the library to be transparent.
"Unless they list specifically what was compromised, I think it's not a good representation to say it's of no consequence," Virani explained.
In the director's latest update, he provided more information about patrons' information. He said they only collect basics, including names, addresses, emails, and reading history.
He said it's purged on a rolling basis. But he didn't say when that last happened.
The director also didn't mention if library account passwords were impacted. "If I use that same password on every single account I have online then yeah, that's a big deal," Virani said.
EMAILS SHOW LIBRARY WORKER'S DATA WAS COMPROMISED AND THEY MAY HAVE KEPT IT FROM IMPACTED EMPLOYEES
After the AG's office sided with 13 Investigates, we received messages from the IT and library director. Recently, County Judge KP George provided ABC13 with his messages.
In the emails ABC13 found in March, a message from a law firm hired to work with the county said an employee directory was compromised. They didn't say what exactly was impacted.
However, they advised the county to keep it quiet saying, "These statements do not aim to clarify the potential impact on employee data from the incident, as it would not be appropriate to share that information with the public, nor appropriate at this time."
The messages show it may not just have been the public they kept this information from.
The message from the law firm states, "It is possible that Fort Bend will need to provide formal notice to employees. However, depending on the number of potentially affected employees, notice may still not be required for the attorney general."
It's unclear if the library told its workers. 13 Investigates asked officials, and we didn't hear back.
MESSAGES REVEAL WHO TOLD COUNTY LEADERS TO KEEP QUIET ON THE ATTACK
Since we learned about the incident, ABC13 has made numerous attempts to interview the library director both through email and in-person. He's always denied our requests.
Last week, ABC13 went to commissioners court. Only Commissioner Vincent Morales answered our questions.
Commissioner Dexter McCory and Commissioner Grady Prestage told ABC13 to get back with them. We have, including on Tuesday, but we haven't heard back about an interview.
In messages that 13 Investigates obtained, it shows why information may be hard to come by.
In a message from March, the county attorney told commissioners, the DA and other directors to "Please be mindful of the wording used in public forums, engagements, and other outlets describing this event."
The reason why she says was "Any unnecessary disclosure of information could be harmful to the county's civil liability, undermine recovery efforts, as well as thwart the criminal investigation and prosecution of any bad actors."
For updates on this story, follow Nick Natario on Facebook, X and Instagram.
