The Houston Housing Authority has upped its online security following a data breach.
The security upgrade comes in response to a cybersecurity incident on Friday in which hackers claimed to have obtained sensitive data from the agency, the Houston Chronicle reported.
IT director Roy Spivey and board chair Jody Proler met over the weekend to assess the HHA’s security vulnerabilities and form an action plan. The agency’s board authorized a $311,000 expenditure on Wednesday to bolster network security, which now includes the addition of two-factor authentication on all desktop servers.
The origin of the threat lies in a ransomware attack from Sept. 21, when hackers encrypted the agency’s virtual servers. By the following Monday, operations resumed, with the assumption that HHA’s firewall had thwarted data theft.
“At that time, we did not think there was any data theft because the firewall had shut down during the ransomware attack,” Spivey said.
The agency’s confidence waned a month later, however, when, on Oct. 24, Homeland Security alerted the agency about ransomware malware on one of its computers. Shortly after, hackers took to the internet again, announcing they possessed 38 gigabytes of stolen data — a mere 0.17 percent of the agency’s total data storage.
“We strongly believe that they were not able to steal our Elite database, which holds all our residents’ data,” Spivey said.
The approved funding will support a series of security upgrades, including enhanced firewalls, more robust file recovery and continuous monitoring across the agency’s systems.
The authority plans to notify residents, staff and vendors about the breach as it proceeds with its heightened cybersecurity efforts.
— Andrew Terrell