TxDOT says hackers tried to get into TxTag accounts system, caused nuisance (CORRECTION)

April 20, 2012
By Peter Samuel

2012-04-21 11:35 - TxDOT confirms there were attempts around April 6 to 8 to get into the TxTag system - a "cyber attack." The hackers overloaded the TxTag back office or accounts servers. A result was to slow down the system causing it function erratically.

Customers trying to manage their accounts during this period often failed to get acknowledgments of transfers from a credit or bank card to their TxTag account. Many hundreds and perhaps a few thousand people added more to their accounts than they intended.

Patrons attempting to add money to their TxTag account were frequently failing to get acknowledgment of successful transfers because the hacking attempts  had overloaded back office servers.

Not getting the response that they'd successfully added money, or in some cases getting an ERROR message TxTag customers tried again, and in many cases again, etc. Most transfers in fact went through, but a person wanting to add say $100 to their account ended up adding $200, $300, $400 depending on how persistent they were in trying again.

The hackers did not get into the system to the extent of being able to see or hack accounts. No money was lost. No customer information was compromised.

Karen Amacker, TxDOT spokesman emailed:

"Customer service and information security are of paramount importance to TxDOT. Cyberattackers recently tried to get into TxTag.org, but were not successful. All of our customers' information, including credit card information, remains secure.  

"The recent attack on TxTag.org slowed down our back office system significantly and resulted in multiple charges to some credit cards for account holders who attempted to process a payment on TxTag.org during the cyberattack.

"TxDOT is in the process of contacting each of the TxTag account holders affected by this system error directly. Processing of refunds for erroneous charges will be complete in the coming days.  We will continue to monitor activity on TxTag.org to ensure the integrity of our system and to provide a reliable and secure service to our customers."

Amacker says they don't know the intent of the hackers.

A number of IP addresses apparently used by the hackers have been blocked off to thwart further hacking.

North Texas

The problem was limited to the TxTag system out of Austin that serves the Austin area toll systems and also bunch of smaller toll systems - but not Dallas, or Houston.

However a headline writer at the Austin Statesman newspaper used what he probably thought was a generic term and said "Toll Tag" accounts were affected - as in "Cyber Attack Hits 1,600 Toll Tag Accounts".

They meant generic "toll tags".

Trouble was people read it as TollTag the brand-name of the sticker tag transponders issued in the Dallas area by North Texas Tollway Authority (NTTA.)

NTTA had customers asking about whether there were problems with the TollTag system. It of course has a separate back office run by ETCC and has not experienced any problems. TxTag's back office operator is Federal Signal.

NTTA issued a quite harshly worded MEDIA ADVISORY:

NTTA TollTags NOT Compromised in TxDOT TxTAG Cyber Attack
 
"The Friday, April 20 edition of the Austin American-Statesman reported in its headline and story that "Toll tag" users were hit by a cyber attack.  This misleading reference was also picked up by the Associated Press and refers to Texas Department of Transportation TxTag customers only. Please be advised that North Texas Tollway Authority TollTag customer accounts were NOT affected.  We have taken steps to correct this misinformation with the Austin American-Statesman and Associated Press and have asked them to print an immediate retraction.
 
"The NTTA takes its obligation to safeguard customer information seriously and expends a vast amount of resources to secure all confidential information.  The NTTA has instituted the appropriate level of controls and guidelines in its payment processing system and has earned accreditation as a PCI Compliant Level 2 merchant. The PCI Data Security Standards are a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
 
"Once again, NTTA TollTag accounts were NOT affected by a cyber attack to the TxTag system.  NTTA customers with questions are encouraged to call Customer Service at 972-818-NTTA (6882)."

TYPOGRAPHIC COMMENT: If headline writers would avoid the eccentric Germanic habit of capitalizing nouns readers would have a better shot at grasping the distinction between the generic and the brand. NTTA is itself inconsistent in its rendering of its brand. Sometimes it's TollTag, other times TOLLTAG.

NOTE: Our initial report said the system slowdowns might have been due to malfunctioning equipment or line problems. This was not the case, TxDOT says. There was the deliberate outside effort, hacking attempts.

TOLLROADSnews 2012-04-20 CORRECTED VERSION: 2012-04-21 11:35


Leave a comment: