County & Local

Dallas ransomware attack compromised data of 30,000 people, officials say

Dallas city officials said in a recent presentation that data of 30,000 people was compromised in a recent cyberattack, including some Social Security numbers and other sensitive data.

By Keely Quinlan

September 25, 2023

An IT researchers shows off a computer infected by a ransomware at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes, France, on November 3, 2016. (Damien Meyer / AFP / Getty Images)

A ransomware incident that affected several city services in Dallas this past May leaked the information of more than 30,000 individuals, city officials shared with reporters last week. They also said that number may climb as their review of the cyberattack unfolds.

The city, which identified a ransomware attack on its systems in early May, said in August that files potentially containing Social Security numbers had been stolen. Despite the large number of records involved, Dallas officials last week said that only a “small amount” of sensitive data was accessed, according to a report from WFAA. In addition to the Social Security information, accessed data may also include medical and health insurance information.

According to presentation shared during a Dallas City Council briefing last week by Brian Gardner, the city’s chief technology and information security officer, the Royal hacker group that claimed responsibility for the incident had performed reconnaissance on the city’s systems for nearly a month, beginning on April 7. These actions included downloading data, encrypting files and reviewing user accounts.

By the time the incident was detected on May 3, the Royal group had downloaded nearly 1.2 terabytes of the city’s 3,800 terabytes of data, according to the presentation. City officials said they contained the attack the next day, but not before the attack had shut down online payments, municipal court scheduling and several systems related to public safety, including computer-aided dispatching for the city’s police and fire departments.

Gardner said in his presentation that the Department of Information and Technology Services began a cybersecurity program review after the incident. The city also conducted privacy and security assessments, backup and recovery processes and updated its incident response plan.

According to the presentation, the city is now 99.9% back to normal operations. In June, the city said it had recovered 90% of its operational capacity.

The city also reports it has increased its cybersecurity spending to 10% of the total ITS budget this year, up from just 2.5% of the department’s total budge in 2019. The increase includes $8.5 million for cyberattack prevention, mitigation and recovery efforts. In June, the Dallas City Council approved a nearly $4 million contract for network threat detection.