The city issued a formal notice for the first time about potential data being exposed in the ransomware attack by Royal, the hacking group that officials identified early in the cyberattack.
“While the investigation is ongoing, it has determined that an unauthorized third party accessed certain servers and downloaded some data between April 7, 2023, and May 4, 2023,” the city of Dallas said in a news release.
The release said officials first detected the ransomware attack on May 3. However, it’s not clear if the suspected hackers accessed information in the days or weeks prior to that.
Officials said on June 14 and the weeks after that the investigation determined files “potentially containing” sensitive information of “certain individuals” were accessed by Royal, including full name, home address, social security number and date of birth as well as “insurance information, clinical information, claims information, diagnosis and other identifiers.” Officials did not specify how many people were affected and whether only city employees’ personal data was accessed.
The investigation is ongoing, officials said, but the city has begun sending notices to those potentially involved. Officials say they are not aware of any identity theft or fraud resulting from the ransomware attack but added they will provide involved individuals with two years of free credit monitoring and identity theft protection services.
In mailed notice letters, the city said there will be instructions on how to activate the credit monitoring service along with measures people can take to protect their personal information. The city has established a response center for those affected to send questions and receive help with monitoring services.
City Manager T.C. Broadnax previously told city employees in an email that information stored by the city’s human resources department was exposed and that officials would make the appropriate notifications. Royal threatened in a May 19 blog post to publicly share personal information of employees along with governmental documents, but it doesn’t appear that’s happened as of Thursday.
The city said early in July that 97% of its network had been restored after the ransomware attack. Officials have not shared specifics of how the attack happened.
The city has asked anyone who believes they were affected but has not received a letter by Aug. 25 to call 833-627-2708.
©2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.