Hackers Claim to Have Breached Dallas County Government

Dallas County, Texas, may be the latest victim in a string of local cyber attacks after a ransomware group claimed on the dark web over the weekend that it has obtained county information.

(TNS) — Dallas County may be the latest victim in a string of local cyber attacks after a ransomware group claimed on the dark web over the weekend that it has obtained county information.

County officials said Monday that they became aware of a “cybersecurity incident” on Oct. 19, but they have not released details.

“We immediately took steps to contain the incident and engaged an external cybersecurity firm to conduct a comprehensive forensic investigation,” County Judge Clay Lewis Jenkins said in a statement.

The statement said that the county has put in place stringent security protocols and is working with cybersecurity specialists and law enforcement to address the situation. Citing an ongoing investigation, it did not elaborate on the incident. Lewis Jenkins’ office declined to comment further.

Commissioner John Wiley Price said that the county knew about the alleged attack before the ransomware group posted on the dark web. Price said that the county is not validating the claim that this group infiltrated the county’s system but rather investigating whether a breach occurred.

“We just know that it’s a claim,” he said in an interview. “We’re not validating any claim at this time.”

The Dallas Police Department sent an internal email on Monday cautioning employees to not log into the law enforcement portal shared with Dallas County, upload or download evidence or open attachments or links from Dallas County email addresses.

District Attorney John Creuzot said that the incident could impede attorneys’ and prosecutors’ ability to upload documents to court cases.

“If there is a larger problem, I haven’t been informed of it, and nobody in my office told me that they were impaired in their ability to do their work,” Creuzot said in an interview.

Cyber experts have posted on X, formerly Twitter, screenshots from the dark web of a cyber hacking group claiming to have information from Dallas County. The screenshots say the hackers created the post Oct. 28.

Brett Callow, a cyber threat analyst with cybersecurity firm Emsisoft, said that, while these hackers typically are criminals and can lie to officials, once they’ve announced on the dark web that they have information from an organization, they usually do have it.

“They may exaggerate the amount that they have taken, but they usually tend to have obtained at least some,” he said in an interview.

The ransomware group Play has claimed responsibility. Callow said little is known about this group, but it became public in the middle of last year. Some groups boasting of hacks typically include a few files in their posts as examples of what they’ve obtained from a government entity, school district or company, but Callow said Play tends to release little information. This cyber terror group also hit Oakland, Calif., other media outlets have reported.

Play’s post threatens to publish the information stolen from Dallas County on Nov. 3.

Once a cyber hacking group has accessed an organization’s system, Callow said, attackers either steal information or lock entire computer systems, strong-arming the organization to pay for a promise that the attackers will delete their copy of the stolen information or for restored access to their system. If an organization refuses to pay the ransom for their information, hackers threaten to release the stolen files on the dark web.

Callow questioned why Dallas County did not inform the public of the breach as soon as officials became aware.

“My personal feeling here is people’s personal information may have been compromised. They should be told right away that it may have been compromised,” he said. “They know to monitor their bank accounts or take whatever action they wish to make sure they don’t fall victim.”

At least 72 local governments in the U.S. have been affected by ransomware this year, according to Emsisoft, which helps recover data stolen in ransomware attacks.

“My gut feeling is that this is shaping up to be the worst year in terms of organizations compromised,” Callow said.

Dallas has seen several attacks recently, including attacks on the city of Dallas and the Dallas Central Appraisal District.

In April, hackers stole more than 800,000 files from the city of Dallas. An internal review of the data breach concluded that the group Royal used stolen online credentials to get into the city of Dallas’ system.

Last November, the appraisal district was hit on Election Day when the same ransomware group, Royal, froze employees’ access to computers, emails and the district website. The tax appraisal district paid $170,000 to the ransomware group.

Dallas County has been without a top information technology officer since July. Price said county cybersecurity staff are diligent.

“Cyber is the one part of IT that I don’t have a concern about,” he said. “We’ve got the right hands on deck.”

Staff writer Kelli Smith contributed to this report.

©2023 The Dallas Morning News, Distributed by Tribune Content Agency, LLC.