The hold up could mean further delaying clarity to the public on how the cyberattack happened and what steps the city took to safeguard residents’ personal information since then.
A full after-action report was scheduled to be released to the public after a briefing on the review’s findings by information technology officials to the City Council on Wednesday, but the briefing was postponed because it was past 8 p.m. by the time the presentation was set to be heard. The City Council meeting started around 9:30 a.m., and the bulk of it was spent discussing amendments to the upcoming budget.
“In the interest of time tonight, we’re going to recommend that we postpone the briefing (letter) C, the ransomware update, until our next briefing day, as well as the executive session that may have been associated with it,” City Manager T.C. Broadnax told the City Council around 8:20 p.m. Wednesday. The elected officials approved delaying the presentation to their next briefing meeting, which is scheduled for Sept. 20.
Catherine Cuellar, the city’s communications director, confirmed Thursday that the report’s release will be delayed as well. A news conference with Chief Information Officer Bill Zielinski and Chief Security Officer Brian Gardner — top officials in the city’s IT department — about the ransomware attack was scheduled for 2 p.m. Thursday. It was canceled four hours after it was announced Wednesday when the council presentation was postponed.
It would have been the first news conference held by the city discussing the ransomware attack since the data breach was announced on May 3.
Hackers accessed some of the most sensitive information stored by the city, including medical information, health insurance information and Social Security numbers of Dallas employees, retirees and their relatives. The personal information of at least 30,253 peoplewas exposed, though city officials believe that number could increase later this year after further review of the data breach.
“It will be published after the council is briefed,” Cuellar told The Dallas Morning News of the report. She didn’t immediately respond to questions Thursday on why the release of the report is being delayed.
Zielinski recently told The Newsthat there were some aspects of the cyberattack that he wouldn’t discuss until the City Council presentation that was supposed to happen Wednesday. For example, when asked what made Dallas’s system vulnerable when other Texas cities, such as Houston, San Antonio and Austin haven’t reported ransomware attacks in recent years, he said, “We’ll actually be sharing more information that’s directly responsive to this question during the Sept. 6 briefing.”
The city has already published a 16-page slideshow of the presentation Zielinski and Gardner were planning to give. It gives a bullet-point summary of some of the report findings, such as that nearly 1.2 terabytes of city-stored data was stolen by hackers.
But the presentation doesn’t elaborate on what specific files were stolen, how hackers were able to have access to Dallas’ network from April 7 until being discovered by the city on May 3, and doesn’t clearly explain several other aspects of the attack and how the city is working to prevent future data breach attempts. Some details city officials told The News this week related to the hack, like the amount of data leaked translates to around 819,000 files, weren’t included in the summary available to the public.
The city has been criticized by some for how it has communicated information about the attack, including that city officials say they knew personal information was exposed as early as June 14, but didn’t send any notification to employees about it until a month later. The city last month sent 27,000 letters to people impacted by the data breach informing them of the leak and offering them two years of free credit monitoring.
Broadnax and other officials have defended the delay, saying it was necessary for city officials to be as precise as possible about what data had been accessed and who was affected. They have also cited an ongoing criminal investigation into the hacking as reason to share few details publicly.
Royal, the ransomware group city officials have identified as the culprit of the cyberattack, was encrypting files and making ransom requests, according to the city. It’s not clear how much money was requested from the city or if any ransom has been paid.
Dallas holds nearly four petabytes of data, according to the city. One petabyte equals 1,000 terabytes. Zielinski told The News the leaked data makes up .0003% of the total amount of data held by the city.
© 2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.