Dallas County officials said this week that they are examining files stolen by hackers and posted on the dark web but remain unclear about whether the stolen data includes personal information about employees or residents.
The ransomware group Play says it hacked into Dallas County’s network and has posted some of the stolen information on the dark web. The post threatens a full release if there is “no reaction.”
Play demanded a ransom, which county officials have not disclosed, and the county appears not to have paid it.
“We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact,” a county statement said.
“As the investigation progresses, when our review determines personal information has been involved, we will notify the affected individuals directly.”
The state requires organizations report system breaches affecting 250 or more Texans within 30 days of discovery. According to the state data breach database, Dallas County has not reported a breach.
County officials told The Dallas Morning News that hackers with stolen credentials tried to infiltrate the county network on Oct. 19 at 3 a.m. Staff received an alert of suspicious activity and shut down the system. That morning, every user was required to change their passwords.
According to the county, security measures that stopped the hackers mid-attack include requiring multifactor authentication for remote access to the network, forcing frequent password changes for all users, monitoring devices accessing the network and reviewing potentially malicious IP addresses attempting to access or remove content from the county network.
©2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.
