More than 200,000 people nationwide had their Social Security numbers, medical information, health insurance details and other data exposed during a Dallas County ransomware attack last fall.
County officials began sending letters July 10 notifying employees, residents and other impacted people that hackers had access to their information during an Oct. 19 data breach, said Lauren Trimble, chief of staff for Dallas County Judge Clay Lewis Jenkins. The letters offer people two years of free credit monitoring and identity theft protection services.
“Our foremost priority is the safety and security of our employees, our residents and the public we serve, and we have worked with external cybersecurity specialists to implement additional safeguards to further strengthen our environment,” she said in a statement July 18.
She added that some people whose data was exposed include residents who either received services from county agencies like the Department of Health and Human Services or gave their information to other organizations with county data sharing agreements.
County officials have said new data safeguards include mandating password resets and blocking suspicious IP addresses.
In late October, officials said they’d detected the data breach earlier that month. Ransomware group Play claimed responsibility for the attack and, in early November, said it published stolen information online. County officials said in January that they were reviewing the data to determine if it was authentic.
County officials said an investigation into the cyberattack was finished last Wednesday. Still, they haven’t said how it happened, if any payment was issued to hackers related to this incident, or confirmed whether any stolen information was leaked online.
Trimble referred The Dallas Morning News to past county statements about its attack response when asked these questions. Dallas County Chief Privacy Officer Randall Miller didn’t immediately respond Thursday to requests for comment about the ransomware attack.
According to a notice published July 17 on the Texas Attorney General’s website, 67,701 Texans were affected by the cyberattack. They had their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, health insurance information and other personal details exposed to hackers.
The state requires entities around the country who experience data security breaches to disclose how many Texans are affected and whether notice is provided to them.
Online data breach notifications from the Attorney General’s Office in Maine list a lone resident in that state impacted by the Dallas County cyberattack and lists the total number of people affected as 201,404.
Trimble confirmed Thursday the number is accurate.
County officials say people who suspect their personal information was impacted by last year’s data breach should contact a call center at 1-888-330-2852.
©2024 The Dallas Morning News. Visit dallasnews.com. Distributed by Tribune Content Agency, LLC.
