Dallas City Council Approves $8.6M for Ransomware Response

The Dallas City Council on Wednesday approved nearly $8.6 million in payments for services related to the ransomware attack earlier this year, including credit monitoring for potential identity theft victims.

The council asked no questions about the payments before unanimously approving the agenda item. The names of the vendors receiving the money, how much each vendor is getting, and what specific services were provided were not laid out in any publicly available documents.

A list of what the money is being set aside for was provided to The Dallas Morning News by Deputy City Manager Jon Fortune after the council meeting.

Fortune told the council during the meeting that the city mailed about 27,000 letters starting last week notifying mostly current and former employees, such as retirees, that their data was exposed and that the city is offering credit monitoring because of it.

The $8.6 million is coming from two different city reserve funds to pay invoices to vendors for new hardware, software, consultants, monitoring and other professional services described as emergency purchases made because of the cyber attack, according to city documents.

According to the city, the money is going toward:

• New storage devices, servers, laptops, desktop computers and mobile dispatch computers for police and fire vehicles to replace ones that were compromised or damaged in the ransomware attack
• Temporary staff who aided in the city’s recovery efforts
• Credit monitoring services, identity protection, call center and notification support
• Forensic accounting
• Recovery and restoration services for city applications and systems
• Installation of new hardware and equipment
• New and additional software licenses to enhance the city’s cybersecurity, response and recovery efforts

The city is planning to file insurance claims and put any reimbursement received into its general fund contingency reserve, which is 65 percent of the funding source for these invoice payments. The rest is from the city’s liability reserve fund.

The payment approval comes three months after the city announced being hit with a ransomware attack on May 3.

Last week, Dallas officials publicly confirmed that hackers had downloaded sensitive information from city servers and began notifying people potentially impacted. Dallas officials said they knew as of June 14 that hackers had access to city-stored personal information.

The city has previously said ransomware group Royal was responsible for the breach.

The Texas attorney general’s office published Monday that the city reported at least 26,212 people are suspected of being impacted by the cyber attack. The city’s notice to the attorney general’s office says the data breach included names, addresses, Social Security numbers and medical and health insurance information.

©2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.