Tag Archive for: Dallas

Hackers Claim to Have Breached Dallas County Government

/in


(TNS) — Dallas County may be the latest victim in a string of local cyber attacks after a ransomware group claimed on the dark web over the weekend that it has obtained county information.

County officials said Monday that they became aware of a “cybersecurity incident” on Oct. 19, but they have not released details.

“We immediately took steps to contain the incident and engaged an external cybersecurity firm to conduct a comprehensive forensic investigation,” County Judge Clay Lewis Jenkins said in a statement.


The statement said that the county has put in place stringent security protocols and is working with cybersecurity specialists and law enforcement to address the situation. Citing an ongoing investigation, it did not elaborate on the incident. Lewis Jenkins’ office declined to comment further.

Commissioner John Wiley Price said that the county knew about the alleged attack before the ransomware group posted on the dark web. Price said that the county is not validating the claim that this group infiltrated the county’s system but rather investigating whether a breach occurred.

“We just know that it’s a claim,” he said in an interview. “We’re not validating any claim at this time.”

The Dallas Police Department sent an internal email on Monday cautioning employees to not log into the law enforcement portal shared with Dallas County, upload or download evidence or open attachments or links from Dallas County email addresses.

District Attorney John Creuzot said that the incident could impede attorneys’ and prosecutors’ ability to upload documents to court cases.

“If there is a larger a problem, I haven’t been informed of it, and nobody in my office told me that they were impaired in their ability to do their work,” Creuzot said in an interview.

Cyber experts have posted on X, formerly Twitter, screenshots from the dark web of a cyber hacking group claiming to have information from Dallas County. The screenshots say the hackers created the post Oct. 28.

Brett Callow, a cyber threat analyst with cybersecurity firm Emsisoft, said that, while these hackers typically are criminals and…

Source…

Dallas County computer systems targeted in cyber attack Oct. 19, county judge says

/in


A cyber attack recognized by Dallas County officials Oct. 19 may have compromised the personal information of employees and residents, according to a statement from County Judge .

Jenkins said in the statement, released Monday, that the county is working with police and external cybersecurity experts to determine the extent of the information compromised in the attack. Dallas County officials took immediate steps when the attack was identified on Oct. 19 to contain it.

Jenkins did not say how extensive the attack was, who may have been impacted or what information was targeted. The county has put “stringent security protocols” in place to “safeguard our systems and data,” he said in the statement.

“As the investigation is still ongoing, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances,” Jenkins said. “We value the trust and credibility we have established with our residents and partners and strive to maintain accuracy in the information we share.”

The city of Dallas was hit with a ransomware attack in May that disabled systems for months and exposed information related to more than 30,000 people. Dallas officials identified the attackers as ransomware group “Royal.”

In June, Fort Worth was targeted by a cyber attack that resulted in a leak of roughly 180 gigabytes of city work orders and police reports. SeigedSec, a self-described hacker group of “gay furries,” was identified by the city as the perpetrators of the attack. It said on social media around the time of the attack that it was targeting Texas governments because of the state’s policy on gender affirming care.

The city said in June it was confident it had identified and plugged the hole that allowed the hackers access to the city’s systems. Unlike the attack in Dallas, the hack on Fort Worth’s systems was not ransomware.

Source…

Dallas City Council receives update on May ransomware attack

/in


DALLAS — On Wednesday, details surrounding the ransomware attack that has plagued the City of Dallas since May started to come into focus.

According to an after-action report delivered at Dallas City Council, hackers used stolen online credentials to get into the city of Dallas’ system and steal files. Ultimately, the report said, a “small amount” of “sensitive data” was accessed. But, according to Dallas Chief Information Officer Brian Gardner, the majority of the data breached was “not sensitive.” 

Dallas information technology officials said hackers with a group called Royal began their attack on April 7. City officials said the hackers were able to connect to a city server and give themselves remote access to the system. Per the after-action report, Royal downloaded almost 1.2 terabytes of data through that server, and launched a ransomware attack in the early morning hours of May 3.

The after-action report said the attack was contained the very next day, on May 4.

Still, Royal’s attack shut down city servers and services for weeks. 

The after-action report itself comes four months after the attack after its presentation was delayed at previous council meetings.

The most sensitive information accessed included medical and health insurance information, the report said. Hackers were also able to acquire social security numbers, the report revealed.

In August, the city said, some 27,000 letters that were mailed to people impacted by the attack informed them of the leaked information, and offered them two years of free credit monitoring. 

“Our investigation to date has indicated that some of your sensitive personal information was impacted,” the letter read. “The information included your name, address, SSN, Date of Birth, Insurance Information, Clinical Information, Claims Information, Diagnosis.”

WFAA spoke to people impacted by the hack, including Dallas Police Association President Mike Mata. Mata said his biggest concern about the hack is the lack of transparency from the city surrounding it.

“The city should have taken proactive steps in the very beginning, rather than having to be pushed for it,” Mata said. “We advocated years ago to separate our databases from…

Source…

Dallas delays release of report that reviews ransomware response

/in


An internal report reviewing Dallas’ response to a ransomware attack that was planned to be published Wednesday could now have its public release delayed up to two weeks, city officials say.

The hold up could mean further delaying clarity to the public on how the cyberattack happened and what steps the city took to safeguard residents’ personal information since then.

A full after-action report was scheduled to be released to the public after a briefing on the review’s findings by information technology officials to the City Council on Wednesday, but the briefing was postponed because it was past 8 p.m. by the time the presentation was set to be heard. The City Council meeting started around 9:30 a.m., and the bulk of it was spent discussing amendments to the upcoming budget.

Political Points

Get the latest politics news from North Texas and beyond.

“In the interest of time tonight, we’re going to recommend that we postpone the briefing (letter) C, the ransomware update, until our next briefing day, as well as the executive session that may have been associated with it,” City Manager T.C. Broadnax told the City Council around 8:20 p.m. Wednesday. The elected officials approved delaying the presentation to their next briefing meeting, which is scheduled for Sept. 20.

Catherine Cuellar, the city’s communications director, confirmed Thursday that the report’s release will be delayed as well. A news conference with Chief Information Officer Bill Zielinski and Chief Security Officer Brian Gardner — top officials in the city’s IT department — about the ransomware attack was scheduled for 2 p.m. Thursday. It was canceled four hours after it was announced Wednesday when the council presentation was postponed.

It would have been the first news conference held by the city discussing the ransomware attack since the data breach was announced on May 3.

Hackers accessed some of the most sensitive information stored by the city, including medical information, health insurance information and Social Security numbers of Dallas employees, retirees and their relatives. The personal information of…

Source…