Saved Web Pages

Personal Data Might Have Been Accessed During Dallas Ransomware Attack

Information from some of Dallas’ 13,400 employees may have been compromised during a cyber attack against the city earlier this year.

August 7, 2023

The city determined that an unauthorized third party accessed certain servers and downloaded some information between April 7 and May 4.

The city determined that an unauthorized third party accessed certain servers and downloaded some information between April 7 and May 4.
Lauren Drewes Daniels

            "name": "Editor Picks / STN Combo", 
            "component": "17105533", 
            "insertPoint": "4", 
            "requiredCountToDisplay": "6" 
            "name": "Air - MediumRectangle - Combo - Inline Content", 
            "component": "17105532", 
            "insertPoint": "8th", 
            "startingPoint": 8, 
            "requiredCountToDisplay": "7" 
            "name": "Air - Leaderboard Tower - Combo - Inline Content", 
            "component": "17105535", 
            "insertPoint": "8th", 
            "startingPoint": 12, 
            "requiredCountToDisplay": "11" 
The city of Dallas has confirmed that some personal data may have been obtained by hackers during a ransomware attack a few months ago. The attack was first detected on May 3 and the city has been investigating it ever since. The city said that on June 14 and in the weeks following, its investigation found files that potentially contained sensitive personal information were accessed by an “unauthorized third party.” This personal information includes full names, home addresses, Social Security numbers, dates of birth, insurance information, clinical information, claims information and other identifiers, according to the city. “The privacy and security of the information the city maintains is of the utmost importance and the city sincerely regrets any inconvenience or concern this incident may have caused,” the city said in a press release on Thursday. The city has started sending notices to those potentially affected by the hack. Officials aren’t aware of any incidents of identity theft or fraud resulting from the ransomware attack, but it is still giving affected people two years of free credit monitoring and identity theft protection services. Instructions on how to use these services will be included in mailed notice letters. The notices will also provide information on measures people can take to protect their personal information. This includes details on how to set up fraud alerts and security freezes on personal accounts.

The city is encouraging people to be vigilant in reviewing their financial statements and credit reports on a regular basis to identify fraudulent or irregular activity. Dallas has also set up a response center to enable those who have been affected to ask questions and receive assistance on credit monitoring services. 

“Investigations like these take time, and we are dedicated to getting you all answers as soon as we can without compromising the integrity of our data review.” – City Manager T.C. Broadnax

tweet this

This comes just weeks after City Manager T.C. Broadnax sent an email to Dallas employees saying the hackers had gained access to their data.

“Our investigation remains ongoing, but at this time we’ve learned that some information maintained by the city of Dallas, including some benefits-related information maintained by the city’s human resources department, was accessed by the unauthorized third party responsible for this ransomware incident,” Broadnax said in the email which was obtained by the Observer. “We will be making the appropriate notifications in accordance with our obligations.”

Broadnax sent another email to city employees on Thursday letting them know of the resources available for affected individuals. “The professionals responding to this toll-free call center are familiar with this incident and can provide more information on what individuals can do to protect against misuse of their information,” he said in the email. “We continue to be incredibly grateful for your patience. Investigations like these take time, and we are dedicated to getting you all answers as soon as we can without compromising the integrity of our data review.”

The group behind the attack, called Royal, was responsible for a separate attack on the Dallas Central Appraisal District in November that took down its website for weeks.  

In the weeks following the May 3 attack, Dallas officials sent out an update that said, “There is still no indication that data from residents, vendors, or employees has been leaked.”

A short time later, the attackers released an update on their blog: “So, we are going to indicate that the data will be leaked soon. We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, [Social Security Numbers], passports), detailed court cases, prisons, medical information, clients’ information and thousands of thousands of governmental documents.”

After the latest attack against Dallas, several city services were disrupted, such as 311 services requests. Courts also closed down as a result of the attack, and Dallas Water Utilities couldn’t process payments. Dallas was also having trouble processing applications or payments for zoning, public works, permitting or development services. The disruptions in the permitting process left a backlog of permits waiting to be approved. At one point, there were some 870 permits awaiting approval due to the effects of the ransomware attack. The city has since been able to process all of the permits that were delayed.

Impacts to police and fire operations forced some automated tasks to be done manually, but those have largely been resolved. Catherine Cuellar, a spokesperson for the city, said in an emailed statement that the city’s network has been restored more than 97%, and it has made public-facing services a priority. Cuellar said the most recent departments to reopen after upgrades were the municipal court in May, the Dallas Public Library catalogue in June, and the public library computers in July.

In late June, the city approved nearly $4 million to be spent with a Houston-based company called Netsync Network Solutions to install and maintain a threat and anomaly detection system to protect against cyber threats, including ransomware attacks. 


Dallas Observer


Since we started the Dallas Observer, it has been defined as the free, independent voice of Dallas, and we’d like to keep it that way. With local media under siege, it’s more important than ever for us to rally support behind funding our local journalism. You can help by participating in our “I Support” program, allowing us to keep offering readers access to our incisive coverage of local news, food and culture with no paywalls.

Make a one-time donation today for as little as $1.
Dallas Observer Insiders

Get the latest music, news, free stuff and more!

WP Radio
WP Radio