Bexar County Appraisal District Breach Analysis — Texas Breach Tracker

Incident Date

2025-03-07

Records Exposed

890,000

Attack Type

Exfil

Threat Actor

Unconfirmed

Incident Timeline

2025-03-07

Unauthorized access to property database detected
2025-03-10

External access restricted; forensic review initiated
2025-04-01

Scope determined: 890,000 property records accessed
2025-04-30

Taxpayer notifications underway; Texas AG notice filed

Attack Vector Analysis

How they got in

Misconfigured public-facing database API exposed taxpayer property records without authentication. Automated scraping tools harvested records over several weeks before internal monitoring caught the volume anomaly.

What CoreRecon Would Have Caught

Sentinel / Fortress / Command coverage

Sentinel API rate limiting and anomaly detection: sustained high-volume query pattern from single IP triggers alert and automatic throttle

Fortress Configuration management: public-facing API security baseline review catches unauthenticated database endpoint

Command TDPA compliance audit identifies public-facing APIs containing PII as requiring authentication and audit logging

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Compliance Failures Mapped

Regulatory exposure

Regime	Standard / Citation	Gap Identified
TDPA	Tex. B&C Code §521.053	890,000 Bexar County residents required breach notification
TDPA	Tex. B&C Code §521.052	Reasonable procedures to protect sensitive PII — unauthenticated database API violates reasonable care standard

How to Not Be Next

5-point hardening list

1

API security: all public-facing APIs require authentication — no unauthenticated access to records containing PII
2

API rate limiting: block or throttle requests exceeding operational thresholds from single IP or user agent
3

Configuration baseline review: quarterly scan of all internet-facing endpoints for unauthenticated access, default credentials, and exposed admin interfaces
4

API access logging: retain and monitor all requests to public data APIs; alert on volume anomalies
5

Data minimization: public property portals expose only legally required fields; mask or restrict SSN, full DOB, and sensitive taxpayer data

Source Citations

→ Texas AG Breach Notices
→ DataBreaches.net

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.

More Municipal Incidents

Is your organization hardened against this attack vector?

Free $2,500 security posture assessment for Texas organizations. We map your gaps against the same attack vectors used in this incident. No contract, no commitment.

Request Free Assessment ← Full Tracker

Bexar County Appraisal DistrictBreach Analysis

How they got in

Sentinel / Fortress / Command coverage

Regulatory exposure

5-point hardening list

Is your organization hardened against this attack vector?

Bexar County Appraisal District
Breach Analysis