Dallas County officials are scrambling to understand the extent of a potentially massive data breach after it was learned that personal information remained on many of a batch of thousands of computers sold at auction.
Some of the computers were used by the sheriff’s department and contained data from the county’s internal criminal justice information system, the digital database of criminal cases used by prosecutors, defense attorneys and judges.
“In this age of information, blatant violation of the Criminal Justice Information System (CJIS) rules and careless compromise of security is unacceptable,” Sheriff Marian Brown said last week in revealing the compromise.
The sheriff’s department did not respond to specific questions about the data breach.
Brown did say her office would work with the Dallas County Office of Information Technology to hold those responsible accountable. County CIO Melissa Kraft did not respond to requests for comment.
It is unclear how many devices have been affected, whether other departments’ information may have been compromised, where the computers went and who is responsible for the improperly disclosed information. The county also has not said when the computers were auctioned.
Sheriff’s department spokesperson Jasmyn Carter said in an email that the department was in the process of notifying the Texas Department of Public Safety, which is required by law.
District Attorney John Creuzot declined to comment on the specifics of the data breach, but he said he is worried.
“I think the sheriff is correct to be concerned about information that may have remained on computers and gone somewhere else,” he said. “We should all be concerned.”
Brown’s statement said other county departments’ computers were auctioned off, too.
County staff told the sheriff’s department that steps had been implemented to mitigate the situation, Carter said.
There are further concerns about computers still with the county. The sheriff’s department discovered that some computers still in use lack proper encryption to protect criminal justice information. Dallas County’s IT staff advised Brown that steps are in progress to correct the encryption issues with the current department computers, Carter said.
The county is not the only entity in Dallas caught up in the recent mishandling of criminal justice data.
The Dallas Morning News reported that at least 13 Dallas police homicide cases could be at risk of being thrown out after revelations that video evidence was permanently deleted in potentially hundreds of murder investigations dating back to 2016.
Deputy City Manager Jon Fortune sent a memo to the City Council’s public safety committee earlier this month about the video evidence. The News reported that an internal audit in November found that police had not categorized 89,000 videos — 2 percent of the total number of videos stored on servers since 2016.
If digital files are not stored properly, the platform could delete them, The News reported. These data losses follow closely on the heels of a separate Dallas police data mishap when an accidental deletion lost 20 terabytes of data in 2021.
©2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.