Dallas County officials are trying to determine the validity of claims by hackers that they've posted county data online.
The hackers group, which calls itself "Play," claimed it was behind what Dallas County officials have described as a "cybersecurity incident" on Oct. 19.
A statement posted on a "Cybersecurity Notification Update" web site set up after cyberattack last month said Tuesday that the county is "currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact."
Anyone affected by the ransomware threat will be notified directly when compromised personal information is identified, County Judge Clay Lewis Jenkins wrote Tuesday in the statement posted online.
“We understand the concerns that such an incident may raise among our residents, employees, and partners,” the statement read.
The group known as Play claimed responsibility for the attack. The county publicly acknowledged it in late October.
The statement encouraged people who are concerned about the incident to learn more from the Federal Trade Commission about identity theft.
When the attack was first made public, Jenkins said that the county had hired a cybersecurity firm to conduct a comprehensive forensic investigation.
Dallas County is one of many local governments in Texas, and throughout the nation, that have been targeted by cyberattacks.
A May 3 cyberattack compromised personal information for more than 25,000 Dallas city personnel. The benefits-related information was maintained by the city's human resources department.
Later that month the hacker group Royal threatened to leak sensitive information via their blog. At the time, city officials released a statement saying they were aware of the threat.
In late June, the Dallas City Council approved a $3.9 million cybersecurity contract, with little discussion. The contract authorized the city manager to pay the consulting group Netsync for “support of a threat and anomaly detection system” for the city’s IT department.
For weeks following that incident, Dallas officials claimed no sensitive information was accessed. But three months later, the city confirmed it had known personnel information was likely compromised as early as June 14.
The data breach included city names, addresses, Social Security numbers, medical information and health insurance information.
The Dallas Central Appraisal District also was the target of a cyberattack about a year ago.
KERA's Megan Cardona contributed to this report.
Got a tip? Email Marina Trahan Martinez at mmartinez@kera.org. You can follow Marina at @HisGirlHildy.
KERA News is made possible through the generosity of our members. If you find this reporting valuable, consider making a tax-deductible gift today. Thank you.
