Maryland Property Search Tool Restored After Nearly Two-Week Cybersecurity Shutdown
Why It Matters
Maryland residents and real estate professionals regained access to a critical public records tool this week after a cybersecurity incident forced the State Department of Assessments and Taxation (SDAT) to take its property search database offline for nearly two weeks. The outage highlighted the vulnerability of state digital infrastructure to cyber threats and the real-world disruption that follows when government systems go dark.
The SDAT property search tool is widely used by homeowners, title companies, attorneys, and prospective buyers to access property ownership information, sale history, and property characteristics — making its absence a significant inconvenience across Maryland’s real estate and legal sectors.
What Happened
State officials detected suspicious activity on SDAT servers on April 14 and immediately took the agency’s website offline to contain the threat and launch an investigation. The decision to pull the site reflected a cautious approach to protecting the integrity of state systems, even at the cost of public access to commonly used records.
As of Monday, the property search tool was restored and functional, allowing users once again to look up property owner names, property characteristics, and sale histories. A spokesperson for the department, Alyssa Nolte, said in a public statement that officials “needed time to analyze the affected servers and remediate any issues that could compromise the system again or make it unsafe for public use.”
Following a final round of testing over the weekend, the tool was cleared for public use. During the outage, Marylanders were directed to visit county-level real property assessment offices to obtain records they needed.
By the Numbers
Key figures from the incident:
- April 14: Date suspicious activity was first detected on state servers
- ~13 days: Length of the outage before service was restored
- 1 weekend of final system testing preceded the public relaunch
- 0 private records are believed to have been compromised — officials say only publicly accessible property data was involved in the breach
- Multiple counties served as backup access points, directing residents to local assessment offices during the shutdown
Zoom Out
The Maryland SDAT incident is part of a broader and growing pattern of cyberattacks targeting state and local government systems across the country. Government databases — particularly those containing property, tax, and public records — have become increasingly attractive targets for bad actors seeking either data exploitation or system disruption.
States have faced mounting pressure to modernize and harden their digital infrastructure, with many finding that legacy systems are especially vulnerable. The cost of taking systems offline, even temporarily, reverberates across industries that depend on timely access to government records, including real estate, law, and title insurance. Maryland has dealt with other high-profile infrastructure challenges in recent years, including reaching a settlement with the owner and operator of the ship that destroyed the Francis Scott Key Bridge.
Federal agencies including the Cybersecurity and Infrastructure Security Agency (CISA) have repeatedly warned state governments to audit and reinforce public-facing digital platforms, particularly those handling sensitive or high-traffic data.
What’s Next
State officials have not publicly disclosed the full scope of the investigation or confirmed whether any outside actors have been identified in connection with the breach. The Department of Information Technology indicated that its current assessment is that only publicly available property records were accessed — information already accessible to any user of the site prior to the attack.
Officials have not announced any timeline for releasing a complete post-incident report, nor have they indicated whether additional security upgrades to the SDAT system are planned. Taxpayers and government watchdogs may press for greater transparency about what security protocols were in place before the breach and what specific remediation steps were taken.
Maryland residents who need to access property records can now return to the SDAT website directly. Those interested in other ongoing developments in Maryland government can also follow recent changes to permitting for agricultural construction in the state.