News for North Texas
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Dallas ransomware attack affected more than 26,000 people, city says

Dallas City Hall

The ransomware attack that hit the city of Dallas earlier this year affected 26,212 people, according to a report filed with the Texas Attorney General's Office.

The data security breach report — which was filed Thursday and made public Monday — says names, addresses, Social Security numbers, medical information and health insurance information were all compromised in the attack. The findings were first reported by the Dallas Morning News.

The compromised personal information includes names, addresses, Social Security numbers, medical and health insurance information, and "other," according to the report.

Reporting the breach is required under state law and comes more than three months after the city disclosed the cyber attack to the public.

Citing an ongoing criminal investigation, the city has withheld many details on the nature and scope of the breach. A spokesperson reiterated the city's found no additional suspicious activity, and confirmed some members of the public would likely receive notices that their data was breached.

Chief Information Officer Bill Zielinski is expected to provide an update to the Dallas City Council on Sept. 6.

The city has come under fire for its handling of the breach. For weeks, Dallas officials claimed no sensitive information was accessed. But on Friday, the city confirmed it had known personnel information was likely compromised as early as June 14.

In response, the Dallas firefighters' union took to Twitter to call for accountability from City Manager T.C. Broadnax.

Fire union members were among those impacted, according to Dallas Fire Fighters Association President Jim McDade. He told KERA News even his son's personal information was leaked.

"It's just out there," McDade said. "These are our children that don't even work for the city of Dallas."

McDade added the city has provided identity theft protection and credit monitoring for 24 months.

"It's the first step, but I wish we weren't at this point right now," he said.

The hacker group Royal has taken responsibility for the attack, and threatened to leak sensitive information via their blog just a few weeks after the attack.

The report says the city has provided notice to the people impacted.

Anyone who received a notification that their information was compromised should call the city's help desk at (833)627-2708 between 8 a.m. and 8 p.m.

KERA's Nathan Collins contributed to this report.

Born in London, Morning Producer and Podcast Host Katherine Hobbs has lived across the U.S. since 2001. Prior to joining KERA, she produced three podcasts for WJCT Public Media and Florida Public Media and wrote for Jacksonville Magazine, Autism Parenting Magazine and EU Jacksonville, among others. Katherine is thrilled to return to Texas after briefly living in Austin to share the stories that impact our North Texas community. When she’s not working, Katherine can be found admiring public libraries and visiting penguin colonies around the world.
Toluwani Osibamowo is a general assignments reporter for KERA. She previously worked as a news intern for Texas Tech Public Media and copy editor for Texas Tech University’s student newspaper, The Daily Toreador, before graduating with a bachelor’s degree in journalism. She is originally from Plano.