DALLAS COUNTY, Texas — Dallas County Judge Clay Jenkins released a statement Monday confirming that a cybersecurity attack affected the county's systems earlier this month.
Jenkins said the county became aware of an incident affecting "a portion of its environment" on Oct. 19, and said the county both immediately took steps to contain it and engaged an outside cybersecurity firm to start an investigation into the breach.
"Our foremost priority is the safety and security of our employees, the residents and the public we serve," Jenkins said in the statement. "We have put in place stringent security protocols to safeguard our systems and data and are collaborating closely with our external cybersecurity specialists and law enforcement to address this situation."
Dallas County shared in an update on Tuesday that, due to containment measures, the data exfiltration from the county's environment was interrupted, preventing any encryption of its files or systems.
The incident appears to have been effectively contained, the county said, partly due to implemented security measures -- including extensive deployment of an endpoint detection and response tool, forcing password changes for all of the systems' users, requiring multi-factor authentication and blocking ingress and egress traffic from IP addresses found to be malicious.
"Currently, there is no evidence of ongoing threat actor activity in our environment," the county said in the updates. "Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County's systems are secure for use."
The investigation is still ongoing, Jenkins said.
No details regarding the extent of the impact have been released as they may evolve during the advancement of the investigation, the statement said.
County officials declined interview requests, but a threat analyst not affiliated with the county, who has access to the dark web, confirmed with WFAA Monday that a ransomware cybercrime organization known as “Play” claimed responsibility and is threatening to reveal private county documents this Friday.
Play is the same group that took credit for a ransomware attack on the city of Oakland, California earlier this year. That attack was so severe it triggered a local state of emergency after personal financial information was leaked online.
Oakland Councilmember Noel Gallo told WFAA the recovery process lasted months, becoming a challenging and costly obstacle for the city.
"They had access to all of our information. From banking information to home expenses, they had a complete package," Gallo said. "My phone and my computer system didn't work for months."
Gallo said the cybersecurity attack in Oakland affected the city's retirees and current employees.
"It was very clear. They were being asked to pay a ransom and all their information from retirement plans was stolen," Gallo said.
The city of Oakland faced lawsuits following the breach.
"We value the trust and credibility we have established with our residents and partners and strive to maintain accuracy in the information we share," Jenkins concluded in his statement. "The County will provide updates as soon as more information becomes available."
WFAA also spoke with Dallas County Senior Sgt. Christopher Dye on Monday. Dye is the president of the Dallas County Sheriff's Association and worries hackers could have access to his and other county employee’s financial records.
"At this point we know very little and that’s the part that concerns us the most," Dye said. "We really want Dallas County to be more forthcoming with information, let us know if our personal information has been released, and if so, we’d like them to sponsor some kind of credit monitoring. Personally, I’m very concerned about it. As soon as this interview is over, I’m gonna go lock down my credit."
The cybersecurity attack on Dallas County is just the latest breach on local North Texas governments in 2023.
In early May, the City of Dallas suffered a ransomware attack that crippled city systems for months and exposed information related to more than 30,000 people connected to the system.
In late June, the City of Fort Worth announced that it suffered a data breach of its own systems and that internal city information was posted online. Unlike the City of Dallas attack, Fort Worth officials said they believed the information acquired by their hack was "not sensitive in nature."
Major North Texas employers American Airlines and Southwest Airlines have also endured major cyberattacks this year. In those instances, personal information for more than 8,000 applicants to become pilots at the airlines was stolen when hackers broke into a database maintained by a recruiting company in Austin in April.
"For most individuals, your data -- if not because of this hack, then some other hack -- is out there," UT Dallas Data Security and Privacy Lab director Murat Kantarcioglu said. "It's better to assume that the data may be leaked, or at least some part of it."
Credit monitoring is still an effective way to identify identity theft and prevent cascading problems, Kantarcioglu said. He noted that hackers can use leaked data to better disguise phishing scams.
Criminals out to make money have increasingly targeted local government entities, including school districts, in recent years. The hackers assume those organizations have not secured their data as tightly as the federal government, financial institutions, or big businesses, Kantarcioglu said.
"Cyber security planning should be up there with planning for a natural disaster," he added. "If you plan for it, you can recover quickly."