Massive Data Breach: 200,000 Individuals’ Information Compromised in 2023 Ransomware Attack

Imagine living in a bustling city like Dallas, Texas, the second-largest county in the Lone Star State with over 2.6 million residents. Now, picture over 200,000 of those people receiving a notification about their personal data being exposed to cybercriminals due to the Play ransomware attack in October 2023. It’s a chilling thought, isn’t it?

That’s precisely what happened when the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments. Dallas officials acknowledged the incident a few days later, assuring the public they were reviewing the leaked data when Play published it in early November.

As the leaked data review took a lot of time and people were concerned, Dallas set up a dedicated call center in January 2024. Fast forward to yesterday when Dallas County posted an update about the incident on its website and sent data breach notices to 201,404 impacted individuals, including Dallas residents, employees, and others who interacted with its public services.

The types of data confirmed to have been exposed vary per individual and include the following:

• Full name
• Social Security number (SSN)
• Date of birth
• Driver’s license
• State identification number
• Taxpayer identification number
• Medical information
• Health insurance information

Those whose SSNs and taxpayer identification numbers were exposed will receive two years of credit monitoring and identity theft protection services. While these services can help, it’s crucial that everyone takes their cybersecurity seriously.

In response to the breach, Dallas County has implemented several security-strengthening measures on its networks, including deploying Endpoint Detection and Response (EDR) solutions across all servers, forcing password resets, and blocking malicious/suspicious IP addresses.

What’s going on with Dallas’ cybersecurity?

Unfortunately, this isn’t the first time Dallas County and the City of Dallas have faced cybersecurity incidents. In November 2023, a Dallas County employee fell victim to a social engineering attack by business email compromise (BEC) scammers and sent a fraudulent payment of $2,400,000.

Earlier in May 2023, the City of Dallas suffered a breach from Royal ransomware, which forced it to take offline parts of its IT infrastructure, including police communications. We learned at the time that Royal was printing ransom notices on the City’s printers, which had fallen under the attackers’ control. It was later established that Royal operators leveraged stolen account credentials to maintain access to the compromised systems between April 7 and May 4, during which they exfiltrated over 1 TB of data.

These incidents serve as a stark reminder that we must all take cybersecurity seriously. It’s not just about protecting our personal information but also about safeguarding the essential services and infrastructure we rely on every day.

Don’t wait for a ransomware attack to happen to you or your community. Contact us to learn more about how we can help you prevent cybersecurity incidents and keep your data safe. And remember, always come back to learn more about the latest cybersecurity news and tips.