Dallas County said Monday that it became aware of a “cybersecurity incident” on Oct. 19, and on Oct. 28 posts surfaced on the dark web from a group that claims it has information from Dallas County.
Here’s what we know and don’t know:
Has there been a ransomware attack against Dallas County government?
Social media posts claim the county has been victim of a ransomware attack, but so far the county has not verified whether that’s the case. County Commissioner John Wiley Price said the dark web posts have not been verified.
“We just know that it’s a claim,” he said in an interview.
Has data been stolen?
We don’t know. Ransomware groups sometimes threaten to publicly release information unless the victims pay. They also can make the victim’s data inaccessible until the ransom is paid. The county has not yet detailed whether either of these things has happened.
When did the incident occur?
Dallas County said Monday it became aware of a “cybersecurity incident” on Oct. 19. The county has not released any details about when the incident might have initially happened. Texas law requires local governments to report “security incidents” to the Texas Department of Information Resources “within 48 hours after discovery,” according to the agency’s website. “A breach or suspected breach of system security,” or “the introduction of ransomware” falls under the definition of “security incidents,” the website showed.
Who is claiming responsibility?
Some cybersecurity experts on X, formerly Twitter, have said a cyberhacking group called Play claimed responsibility for the attack and shared screenshots from the dark web Monday. The screenshots showed that the group created the post Saturday.
Haven’t we been through this before?
The City of Dallas and the Dallas Central Appraisal District have both been recent ransomware targets. In April, hackers stole more than 800,000 files from the city using stolen credentials. In 2022, DCAD’s website was hit on Election Day.
Were residents’ personal data stolen?
It’s just too early to say. The county says its priority is assessing what happened, and it has not released information about the nature of the attack or what data might have been accessed. It took the city four months to release a full timeline of what happened in the ransomware attack by the group Royal.