Harris County Tax Assessor-Collector Breach Analysis — Texas Breach Tracker

Incident Date

2024-10-03

Records Exposed

1,200,000

Attack Type

Exfil

Threat Actor

Unconfirmed

Incident Timeline

2024-10-03

Unauthorized access to county tax database detected
2024-10-07

Database access restricted; investigation initiated
2024-11-01

Forensic scope confirmed: 1.2M records affected
2024-11-30

Taxpayer notification campaign begins; Texas AG notice filed

Attack Vector Analysis

How they got in

Database credential compromise via a contractor with overly broad read access. Large-scale exfiltration of property tax and vehicle registration records containing names, addresses, and identification numbers.

What CoreRecon Would Have Caught

Sentinel / Fortress / Command coverage

Sentinel Database activity monitoring: bulk export query from contractor account triggers immediate alert and session suspension

Fortress Contractor access scoping: read access restricted to specific county and record type relevant to contractor work; no access to full registry

Command Annual access review: contractor accounts audited for over-privilege; excess access removed before it can be exploited

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Compliance Failures Mapped

Regulatory exposure

Regime	Standard / Citation	Gap Identified
TDPA	Tex. B&C Code §521.052	Reasonable procedures to protect sensitive PII — contractor access over-provisioned without audit logging
TDPA	Tex. B&C Code §521.053	1.2M Harris County taxpayer notifications required within 60 days

How to Not Be Next

5-point hardening list

1

Database activity monitoring: real-time alert on bulk exports exceeding operational thresholds
2

Contractor access scoping: limit to minimum records required for contracted work; time-limited access
3

Quarterly contractor access review: remove dormant or over-privileged contractor accounts
4

Audit logging for all database queries from contractor accounts; retain 12 months minimum
5

PII data minimization: tax database does not expose SSN or full DOB via contractor-accessible queries

Source Citations

→ Texas AG Breach Notices
→ DataBreaches.net

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.

More Municipal Incidents

Is your organization hardened against this attack vector?

Free $2,500 security posture assessment for Texas organizations. We map your gaps against the same attack vectors used in this incident. No contract, no commitment.

Request Free Assessment ← Full Tracker

Harris County Tax Assessor-CollectorBreach Analysis

How they got in

Sentinel / Fortress / Command coverage

Regulatory exposure

5-point hardening list

Is your organization hardened against this attack vector?

Harris County Tax Assessor-Collector
Breach Analysis