DALLAS — Data allegedly from the recent cyber attack on Dallas County systems has been posted online, county officials confirmed on Tuesday.
Dallas County Judge Clay Jenkins said officials were “aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident.”
Jenkins said county officials were “thoroughly reviewing the data in question to determine its authenticity and potential impact.”
It wasn’t yet clear what specific data was accessed or posted.
The ransomware cybercrime organization known as “Play” claimed responsibility and had threatened to reveal private county documents on Nov. 3.
Jenkins had released a statement on Oct. 30 confirming that a cybersecurity attack affected the county’s systems earlier that month. Jenkins said the county became aware of an incident affecting “a portion of its environment” on Oct. 19, and said the county both immediately took steps to contain it and engaged an outside cybersecurity firm to start an investigation into the breach.
Dallas County shared in an update last week that, due to containment measures, the data exfiltration from the county’s environment was interrupted, preventing any encryption of its files or systems. County officials said the incident appeared to have been effectively contained, partly due to implemented security measures – including extensive deployment of an endpoint detection and response tool, forcing password changes for all of the systems’ users, requiring multi-factor authentication and blocking ingress and egress traffic from IP addresses found to be malicious.
Here was Jenkins’ full statement from Tuesday, when the data was allegedly leaked:
“Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident. We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.
We understand the concerns that such an incident may raise among our residents, employees, and partners. We want to assure everyone that we are taking this matter seriously. Our top priority is the security and privacy of all individuals associated with Dallas County.
Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation. As the investigation progresses, when our review determines personal information has been involved, we will notify the affected individuals directly.
We are committed to transparency and will provide updates as more information becomes available. All updates will be posted to this webpage. We encourage you to visit it frequently. Moreover, we encourage everyone to visit the Federal Trade Commission’s website at https://consumer.ftc.gov/features/identity-theft. This resource provides valuable information on how to safeguard personal information.
We sincerely appreciate your understanding and patience as we navigate through this situation.”
Play is the same group that took credit for a ransomware attack on the city of Oakland, Calif., earlier this year. That attack was so severe it triggered a local state of emergency after personal financial information was leaked online.
Oakland Councilmember Noel Gallo told WFAA the recovery process lasted months, becoming a challenging and costly obstacle for the city.
“They had access to all of our information. From banking information to home expenses, they had a complete package,” Gallo said. “My phone and my computer system didn’t work for months.”
Gallo said the cybersecurity attack in Oakland affected the city’s retirees and current employees.
The cybersecurity attack on Dallas County is just the latest breach on local North Texas governments in 2023.
In early May, the City of Dallas suffered a ransomware attack that crippled city systems for months and exposed information related to more than 30,000 people connected to the system.
In late June, the City of Fort Worth announced that it suffered a data breach of its own systems and that internal city information was posted online. Unlike the City of Dallas attack, Fort Worth officials said they believed the information acquired by their hack was “not sensitive in nature.”
Major North Texas employers American Airlines and Southwest Airlines have also endured major cyberattacks this year. In those instances, personal information for more than 8,000 applicants to become pilots at the airlines was stolen when hackers broke into a database maintained by a recruiting company in Austin in April.
More Texas headlines: