The city said that on June 14 and in the weeks following, its investigation found files that potentially contained sensitive personal information were accessed by an "unauthorized third party." This personal information includes full names, home addresses, Social Security numbers, dates of birth, insurance information, clinical information, claims information and other identifiers, according to the city.
“The privacy and security of the information the city maintains is of the utmost importance and the city sincerely regrets any inconvenience or concern this incident may have caused,” the city said in a press release on Thursday.
The city has started sending notices to those potentially affected by the hack. Officials aren't aware of any incidents of identity theft or fraud resulting from the ransomware attack, but it is still giving affected people two years of free credit monitoring and identity theft protection services. Instructions on how to use these services will be included in mailed notice letters. The notices will also provide information on measures people can take to protect their personal information. This includes details on how to set up fraud alerts and security freezes on personal accounts.
The city is encouraging people to be vigilant in reviewing their financial statements and credit reports on a regular basis to identify fraudulent or irregular activity. Dallas has also set up a response center to enable those who have been affected to ask questions and receive assistance on credit monitoring services.
This comes just weeks after City Manager T.C. Broadnax sent an email to Dallas employees saying the hackers had gained access to their data."Investigations like these take time, and we are dedicated to getting you all answers as soon as we can without compromising the integrity of our data review.” – City Manager T.C. Broadnax
tweet this
“Our investigation remains ongoing, but at this time we’ve learned that some information maintained by the city of Dallas, including some benefits-related information maintained by the city’s human resources department, was accessed by the unauthorized third party responsible for this ransomware incident,” Broadnax said in the email which was obtained by the Observer. “We will be making the appropriate notifications in accordance with our obligations.”
Broadnax sent another email to city employees on Thursday letting them know of the resources available for affected individuals.
“The professionals responding to this toll-free call center are familiar with this incident and can provide more information on what individuals can do to protect against misuse of their information,” he said in the email. “We continue to be incredibly grateful for your patience. Investigations like these take time, and we are dedicated to getting you all answers as soon as we can without compromising the integrity of our data review.”
The group behind the attack, called Royal, was responsible for a separate attack on the Dallas Central Appraisal District in November that took down its website for weeks.
In the weeks following the May 3 attack, Dallas officials sent out an update that said, “There is still no indication that data from residents, vendors, or employees has been leaked."
A short time later, the attackers released an update on their blog: “So, we are going to indicate that the data will be leaked soon. We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, [Social Security Numbers], passports), detailed court cases, prisons, medical information, clients’ information and thousands of thousands of governmental documents.”
After the latest attack against Dallas, several city services were disrupted, such as 311 services requests. Courts also closed down as a result of the attack, and Dallas Water Utilities couldn’t process payments. Dallas was also having trouble processing applications or payments for zoning, public works, permitting or development services. The disruptions in the permitting process left a backlog of permits waiting to be approved. At one point, there were some 870 permits awaiting approval due to the effects of the ransomware attack. The city has since been able to process all of the permits that were delayed.
Impacts to police and fire operations forced some automated tasks to be done manually, but those have largely been resolved. Catherine Cuellar, a spokesperson for the city, said in an emailed statement that the city’s network has been restored more than 97%, and it has made public-facing services a priority. Cuellar said the most recent departments to reopen after upgrades were the municipal court in May, the Dallas Public Library catalogue in June, and the public library computers in July.
In late June, the city approved nearly $4 million to be spent with a Houston-based company called Netsync Network Solutions to install and maintain a threat and anomaly detection system to protect against cyber threats, including ransomware attacks.
