Over 26,000 people, including children, had their personal data compromised by hackers in the ransomware attack against the City of Dallas three months ago.
As previously reported by The Dallas Express, the City of Dallas said last week that hackers obtained the personal data of “certain individuals” from City servers in April and early May but did not specify who those individuals were or might be.
Not long before that, a leaked email from City Manager T.C. Broadnax to City employees said information about staff maintained by the City’s Human Resources Department had been compromised. At the time, no indication was given that outside members of the public were impacted.
But a data security breach report from the Texas Attorney General’s website revealed that the damage was far-reaching: 26,212 Texans were affected by the attack.
Moreover, children were among those whose information was stolen, CBS News reported.
Cybersecurity expert Andrew Sternke told CBS that children can be impacted into adulthood if their personal data is compromised.
“This information is released out onto the dark web to be sold,” he said. “When that kid turns 18, it’s a free-for-all and that’s another concerning aspect: that it’s not just the adults we have to worry about.”
Some City employees have apparently already reported identity theft.
“Unfortunately, it was what I expected,” Dallas Fire Fighters Association (DFFA) President Jim McDade told CBS. “That’s why I took out the identity theft protection back in May.”
McDade said his information, along with the information of his 10-year-old son and the families of other City employees, was stolen by hackers.
The 1,500 members of the DFFA have been infuriated at the City for its slow response to the attack, he added.
As previously reported by The Dallas Express, the City initially repeatedly maintained that there was “no indication that data from residents, vendors, or employees has been leaked.”
The City then changed its tune last week and officially admitted personnel data were stolen by hackers after Broadnax’s email to City employees was leaked.
“That false sense of security created a long period of time that employees could have taken protective steps. Seems very disingenuous,” Dallas Police Association President Mike Mata previously told The Dallas Express.
Now, it appears that thousands were affected by the breach, many more than implied by the City’s admissions that the data of City staff and “certain individuals” had been accessed.
The seeming lack of transparency on the part of the City has raised concern among Dallas residents, with a plurality of respondents in a poll conducted by The Dallas Express indicating they think officials should be more forthcoming.
In response to concerns about the time it took officials to report who was affected by the data breach, the City of Dallas issued a statement published by CBS:
“On June 14, 2023, and in the weeks following, the investigation determined that the accessed files contained sensitive information of certain individuals. The initial phase of the investigation and data review was completed in late July determining whose and what information was involved in the incident.”