City officials discussed the aftermath of the alleged ransomware attack against the City of Dallas on Wednesday, but staff declined to answer many questions from council members, saying it would be more appropriate to address certain concerns in a closed executive session.
Staff delivered an “After Action Review” of the purported ransomware attack to council members during a briefing. The presentation was intended to be delivered two weeks ago but was postponed. Its contents have been previously covered by The Dallas Express.
Staff revealed that more than a full terabyte, or the equivalent of more than 800,000 files, of City data was obtained by hackers between April 7 and May 3. The incident is currently under investigation by federal officials.
Council Member Paul Ridley asked staff how hackers obtained the credentials used to access City systems, but Chief Information Office Bill Zielinski said that question would have to be answered during an executive session not open to the public.
Council Member Cara Mendelsohn asked how far back the files that hackers stole go, but Zielinski also recommended that topic not be discussed in an open session.
City staff previously claimed no sensitive information was stolen during the attack but later flipped the script and admitted such information was stolen. Mendelsohn asked Zielinski to clarify this discrepancy.
“There are aspects of that [which] I cannot answer,” he said. “As the forensics investigation progressed and we gained more information — that’s why early on we said, ‘At this point, we do not have an indication that they have data,’ but as we completed that forensics investigation and worked with the cyber experts as well as obtaining other information — that’s what allowed us to get to a point of fidelity around what we believe was accessed by the threat actor.”
Per City Attorney Tami Palamino’s guidance, staff also declined to publicly share whether stolen files were “stored improperly.”
As previously reported by The Dallas Express, hackers allegedly stole the personal information of more than 26,000 people, including children. The City had previously insisted that such data had not been compromised, claiming there was “no indication that data from residents, vendors, or employees has been leaked.”
However, City Manager T.C. Broadnax maintains the City did a “great job” responding to the purported ransomware attack. He maintained that the City’s overall response was successful but admitted its messaging was poor.
The alleged attack has cost the City millions of taxpayer dollars, as previously covered by The Dallas Express.