Pierluigi Paganini
July 12, 2024
In October 2023 the Play ransomware group hit Dallas County, Texas, and added the city to its Tor leak site claiming the theft of sensitive documents from multiple departments.
Dallas refused to pay the ransom and the extortion group leaked the stolen documents in November 2023. Since the publication of the files, Dallas analyzed the document and determined the exact scope of the security breach.
Dallas County is now notifying over 200,000 individuals impacted by the ransomware attack.
“As the County previously shared with its residents and partners, on October 19, 2023, the County became aware of a cybersecurity incident affecting a portion of its environment. Upon detection, the County promptly took steps to contain the incident and engaged third-party cybersecurity specialists to perform a comprehensive investigation, including to determine what data may be involved.” reads the Cybersecurity Notification Update published by the County. “During the investigation, the County established a dedicated call center for individuals to call should they have any questions relating to the incident and to obtain complimentary credit monitoring services should they have any concerns. The call center continues to be operational as of the date of this notice and will remain open for ninety days. The County recently completed its investigation and determined that certain information related to individuals may be involved. The specific types of information impacted is detailed further below.“
In response to the incident, the County took immediate steps to secure its information. The county deployed an Endpoint Detection and Response (EDR) tool across all servers and endpoints, enforced password changes for all users, and blocked traffic to and from identified malicious IP addresses. The County is investigated the incident with the help of external cybersecurity experts.
According to a data breach notification filed with the Office of the Maine Attorney General, the security breach impacted 201.404 individuals.
Compromised data includes names, social Security numbers (SSN), dates of birth; driver’s license/state identification numbers, and taxpayer identification numbers. For some individuals, certain types of medical information (e.g., diagnosis or conditions information) and health insurance information may be exposed.
Dallas County offered two years of credit monitoring and identity theft protection services to impacted individuals.
In May 2023, the IT systems at the City of Dallas were targeted by a Royal ransomware attack. To prevent the threat from spreading within the network, the City has shut down the impacted IT systems.
The attack impacted less than 200 devices and essential operations, like 911, remained working.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
