Hacktivists steal government files from Texas city Fort Worth

A hacktivist group broke into an online system belonging to the Texas city of Fort Worth, stole several gigabytes of data and posted it online.

On Saturday, Fort Worth officials admitted that it suffered a data breach, but said that after reviewing the leaked data, “at this time, there is no indication that sensitive information related to residents or staff are a part of this incident,” and that the data “was not sensitive and would be information releasable to the public through a Public Information Request.”

In an online post on its official website, the city said that the leaked data included “attachments to work orders, including photos, spreadsheets, invoices, emails, PDF documents and other material related to work orders.”

“There is no evidence at this time that any other systems were accessed, nor any evidence that sensitive data such as social security numbers, credit card or banking information was accessed, nor released,” the post read.

The city said that an example of the stolen data is “the address of a home with a pothole in the City street in front of the home, that needs to filled, [sic] as well as a picture of the pothole.”

A cursory review of the leaked files shows several pictures of potholes, tilted traffic signs or fallen traffic lights, and email messages between city employees. There is also a document that includes the names, work phone numbers and email addresses of Fort Worth’s employees.

The hacktivist group goes by SiegedSec, and it claimed the hack on its Telegram channel, saying “we have decided to make a message towards the U.S government. Texas happens to be one of the largest states banning gender affirming care, and for that, we have made Texas our target. Fuck the government.”

One of the hackers from SiegedSec, who goes by Vio, told TechCrunch that Fort Worth was an “opportunistic target.”

“We were targeting any government domain associated with Texas, as Texas was our primary target,” they said.

Vio explained that one of SiegedSec’s main causes “are those for the rights of minority groups, particularly in 1st world countries. In particular, LGBTQ+ rights.”

Valerie Colapret, a spokesperson for the city of Fort Worth, referred to the post the city published about the incident when asked for comment.

The city wrote that the hackers accessed “an internal information system, an application named Vueworks,” by acquiring login credentials to it, although the city said it still doesn’t know how the hackers got those credentials.

The city is asking users of the affected system to reset passwords, is reviewing “sources of information to determine the scope and depth of this incident specific to VueWorks,” and it’s working with law enforcement and computer forensic experts.

SiegedSec has a history of data breaches. Earlier this year, the group leaked data stolen from software giants Atlassian, and workplace management services startup Envoy. Last year, with the goal of protesting abortion restrictions in the U.S., the group targeted the IP addresses of U.S. companies that had exposed industrial control systems (ICS) ports, according to cybersecurity firm Mandiant.

This article was updated to include Fort Worth’s response, as well as comments from one of SiegedSec’s hackers.


Do you have information about SiegedSec or other hacktivist groups? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.