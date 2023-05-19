An online blog post by a group claiming responsibility for Dallas’ ransomware attack says a leak of employees’ personal information and other data stored by the municipal government will happen soon.
In the post Friday, Royal noted the city saying there was no evidence that data from residents, vendors or employees has been released from Dallas servers after the May 3 attack. The hacker group in the post replied that “the data will be leaked soon.”
“We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients’ information and thousands and thousands of governmental documents,” the post said. As of Friday morning, no city information has appeared on the website, which lists at least several dozen other organizations the group claims to have taken data from, such as the Lake Dallas Independent School District.
Some of the posts about other organizations are accompanied by links to download files Royal claims to have stolen, but many others have no link.
The Texas Attorney General’s website lists the Lake Dallas Independent School District in its reports of data security breaches as of May 4. It says almost 22,000 Texans were impacted with names, addresses, Social Security information, driver’s license numbers, and financial and medical information among the data affected.
The AG’s office’s website said potential victims were notified by mail, but doesn’t list the name of any person or group responsible for the data breach.
The city of Dallas in a statement Friday said officials were aware of the website post and that personal information hasn’t been exposed
“We continue to monitor the situation and maintain there is no evidence or indication that data has been compromised,” the statement said. “Measures to protect data are in place.”
Ransomware is often used to extort money from organizations by threatening to block access to files or release confidential information unless money is paid.
The FBI said it can’t confirm whether the website that features the threat against Dallas is authentic.
FBI Dallas said this is typically a tactic used by a group when they haven’t yet received what they wanted, like money. Melinda Urbina, an agency spokeswoman, declined to comment specifically on Dallas’ case other than to say a criminal investigation is ongoing.
“What we always tell people that have been victims of ransomware is to not pay the ransom because there’s never any guarantees that they won’t release data or that they aren’t still in your system,” she told The Dallas Morning News. “You’re trusting a bad guy to be honest with you.”
The city said several servers were compromised with ransomware early May 3 and that it intentionally took others offline to prevent the bad software from spreading. It led to several departments being hampered and some city services being unavailable, such as residents being unable to pay their water bills online or not being able to report non-emergency complaints via the city’s 311 app.
The city has said it could take weeks or months until services are fully restored. Though several city departments are close to back to normal, like 311, there are some still heavily impacted. The municipal court can’t take any payments for citations or documents in person, online or by phone and all trials, hearings and jury duty have been canceled.
The Police Department has been having trouble getting some evidence that is on share drives and servers, which attorneys have told The News could delay criminal court cases.
City officials haven’t elaborated on how the ransomware attack happened or the scope of the impact.
Wake Up with the DR-C: Get today's headlines in your inbox
Success! An email has been sent to with a link to confirm list signup.
Error! There was an error processing your request.