County officials began sending letters July 10 notifying employees, residents and other impacted people that hackers had access to their information during an Oct. 19 data breach, said Lauren Trimble, chief of staff for Dallas County Judge Clay Lewis Jenkins. The letters offer people two years of free credit monitoring and identity theft protection services.
“Our foremost priority is the safety and security of our employees, our residents, and the public we serve,” she said in a statement Thursday, “and we have worked with external cybersecurity specialists to implement additional safeguards to further strengthen our environment.”
She added that some people whose data was exposed include residents who either received services from county agencies like the Department of Health and Human Services or gave their information to other organizations with county data sharing agreements.
County officials have said new data safeguards include mandating password resets and blocking suspicious IP addresses.
In late October, county officials said they’d detected the data breach earlier that month. Ransomware group Play claimed responsibility for the attack and, in early November, said it published stolen information online. County officials said in January that they were reviewing the data to determine if it was authentic.
County officials said an investigation into the cyber attack was finished last Wednesday. Still, they haven’t said how it happened, if any payment was issued to hackers related to this incident, or confirmed whether any stolen information was leaked online.
Trimble referred The Dallas Morning News to past county statements about its attack response when asked these questions. Dallas County Chief Privacy Officer Randall Miller didn’t immediately respond Thursday to requests for comment about the ransomware attack.
According to a notice published Wednesday on the Texas Attorney General’s website, 67,701 Texans were affected by the cyberattack. They had their names, addresses, dates of birth, social security numbers, driver’s license numbers, medical information, health insurance information and other personal details exposed to hackers.
The state requires entities around the country who experience data security breaches to disclose how many Texans are affected and whether notice is provided to them.
Online data breach notifications from the Attorney General’s Office in Maine list a lone resident in that state impacted by the Dallas County cyberattack lists the total number of people affected as 201,404. Trimble confirmed Thursday the number is accurate.
The hacking has been part of a series of recent issues facing Dallas County.
Hundreds of county employees and some vendors were either unpaid or underpaid for months because of problems with a new payroll system last year.
County Administrator Darryl Martin announced last November that an employee erroneously wired $2.4 million to scammers who used a fake business email address to impersonate a contractor seeking payment.
An interim budget report released in June showed the county faces a $40.6 million projected deficit. Overtime overspending in the sheriff’s department was cited as a key reason for the shortfall. The county is considering laying off hundreds of workers next year and putting more oversight on overtime spending to close the gap.
County officials say people who suspect their personal information was impacted by last year’s data breach should contact a call center at 1-888-330-2852.
© 2024 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.
