In late April 2025 the City of Abilene, Texas temporarily suspended its obligations under the Texas Public Information Act after a disruptive cyberattack. By invoking Government Code Section 552.2325, city leaders bought themselves a week -April 22–28 -to contain the incident, restore systems, and ensure the integrity of public records before resuming normal disclosure duties.
What Happened in Abilene
• Incident declared catastrophic: Following unauthorized access to municipal IT systems, Abilene officials classified the breach as a “catastrophe” under state law, permitting a one-week suspension of Public Information Act response deadlines.
• Legal authority: Texas Government Code § 552.2325 allows any governmental body hit by fire, flood, storm or other catastrophe -including major cyber incidents -to pause its public-records obligations for up to seven days to safeguard data and restore services.
• Public notice: The city published formal notice on its website and through local media, specifying the suspension window and reaffirming its commitment to resume compliance once systems were secured.
Why a Temporary Suspension Matters
Suspending disclosure requirements gives an organization critical breathing room to:
- Isolate affected networks and prevent further data leakage.
- Conduct forensic analysis to determine root cause and scope.
- Repair or rebuild applications- especially public-facing portals -without the pressure of immediate record-release deadlines.
- Coordinate with law enforcement and data-protection authorities before resuming normal operations.
Best Practices for Municipal Cyber Resilience
Municipalities and other public bodies can reduce both the likelihood and impact of similar events by:
- Proactive risk assessments of systems that house public records.
- Zero-trust network segmentation to limit attacker lateral movement.
- Regular backups and offline archives of critical data to accelerate recovery.
- Incident response playbooks that include legal-notification checklists and Public Information Act contingencies.
- Ongoing staff training in phishing detection and secure handling of sensitive records.
Conclusion
Abilene’s swift use of its statutory “catastrophe pause” illustrates a prudent balance between transparency and security. By temporarily suspending record-release duties, city leaders gained time to remediate systems without sacrificing long-term public trust. Every jurisdiction should prepare similar legal, technical and operational playbooks in advance of a cyber crisis.
About COE Security
COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to secure AI-powered systems and ensure compliance. Our offerings include:
- AI-enhanced threat detection and real-time monitoring
- Data governance aligned with GDPR, HIPAA, and PCI DSS
- Secure model validation to guard against adversarial attacks
- Customized training to embed AI security best practices
- Penetration Testing (Mobile, Web, AI, Product, IoT, Network & Cloud)
- Secure Software Development Consulting (SSDLC)
- Customized CyberSecurity Services
We would help a municipality like Abilene by conducting a rapid cyber-risk assessment, implementing zero-trust network controls, establishing offline public-records archives, and developing an incident-response plan that aligns with Texas Government Code § 552.2325.