Dallas officials said the City mistakenly alerted The Dallas Express that it was experiencing a cybersecurity attack in October. The mishap came as Dallas County fought off a cybersecurity attack of its own.
Nancy Gonzalez, an open records manager, said her office forgot to remove automatic replies to open record requests that stated the City’s May cybersecurity attack led to processing delays. The May ransomware attack led to 800,000 stolen files and is still under investigation.
The automated message from the City was sent out to The Dallas Express on two occasions in October.
“Due to a cybersecurity incident, the City is experiencing service interruption and is working to restore services,” read the Open Records Unit auto-reply received by The Dallas Express. “Additionally, various city departments are unable to access records, including information maintained solely in digital format, such as e-mails, and compliance with the request is not feasible at this time.”
“Expect delays in receiving responsive records. We anticipate providing documents within ten business days of when the City fully restores access to digital information. Please consider resubmitting your request at a later time. We appreciate your patience during this time,” the message continued.
City officials said this message was sent accidentally and that they did not experience a cybersecurity incident in October.
“When the cyber-attack took place back in May 2023, the City of Dallas Open Records Center sent automatic replies to our requesters just to inform them their request has been received,” Gonzalez told The Dallas Express. “It also informed them due to the cyber-attack, their records may be delayed. After the cyber-attack incident, we failed to remove the automatic reply that was sent to the requesters.”
An open records request filed with the City by The Dallas Express in August — after city servers recovered from the May ransomware attack but before the two recent filings — did not prompt the message. The City did not explain why the automated message was only sent in response to the requests in October.
Dallas County published a statement Monday confirming it dealt with a cybersecurity incident on October 19. A ransomware cybercrime organization titled “Play” took credit for the attack. The County released another statement Tuesday claiming it had “effectively prevented any encryption of its files or systems.”
City officials told The Dallas Express the County’s cybersecurity event in October did not impact their operations.
The Dallas Express filed a separate open records request last week on any “cybersecurity incident” affecting the City government in October. The automated message about cybersecurity was not sent, and the request was returned with no records.
