Dallas data leak threatened by ransomware attackers

Not good.

An online blog post by a group claiming responsibility for Dallas’ ransomware attack says a leak of employees’ personal information and other data stored by the municipal government will happen soon.

In the post Friday, Royal noted the city saying there was no evidence that data from residents, vendors or employees has been released from Dallas servers after the May 3 attack. The hacker group in the post replied that “the data will be leaked soon.”

“We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients’ information and thousands and thousands of governmental documents,” the post said. As of Friday morning, no city information has appeared on the website, which lists at least several dozen other organizations the group claims to have taken data from, such as the Lake Dallas Independent School District.

Some of the posts about other organizations are accompanied by links to download files Royal claims to have stolen, but many others have no link.

The Texas Attorney General’s website lists the Lake Dallas Independent School District in its reports of data security breaches as of May 4. It says almost 22,000 Texans were impacted with names, addresses, Social Security information, driver’s license numbers, and financial and medical information among the data affected.

The AG’s office’s website said potential victims were notified by mail, but doesn’t list the name of any person or group responsible for the data breach.

The city of Dallas in a statement Friday said officials were aware of the website post and that personal information hasn’t been exposed.

“We continue to monitor the situation and maintain there is no evidence or indication that data has been compromised,” the statement said. “Measures to protect data are in place.”

See here for the most recent update. This is a bad scenario for Dallas if what the Royal group is claiming is accurate. If they really do have this kind of personal data of various people and they make it public, that’s not only a legal liability for Dallas, it’s also a terrible look for them since they’ve been saying they didn’t think any such data had been exposed. Again, if this is accurate, it means that either they didn’t have a good handle on what had been done by the attackers, or they just weren’t honest about it. Perhaps the attackers are conflating data taken from one breach with data taken from another, in which case it might not specifically be the city of Dallas’ fault, but that won’t be of much comfort to anyone whose data may be involved. We’ll just have to see when it shows up.

If this kind of data does get published, and it can be traced to the city of Dallas attack, then that raises bigger questions about how they did their business and how they responded to the attack. It also raises the stakes for every other government entity in Texas, since at this point Royal has a track record, and the locals aren’t doing enough to defend and protect themselves. I’d consider this a much bigger and more urgent problem than anything the Lege is dealing with right now, but then I don’t get the vapors at the thought of a drag queen or a kid reading “Heather Has Two Mommies”. The Dallas Observer has more.

Meanwhile, even if the personal data question turns out to be less than threatened, there are still other ongoing problems that have no end in sight.

Dallas police are struggling to access physical and digital evidence amid an ongoing ransomware attack that is disrupting trials, according to defense lawyers who are exasperated after more than three months of pervasive evidence storage issues.

The consequences played out Thursday in a murder trial, where a man was found guilty despite evidence being unavailable to jurors or lawyers. Last week, a jury couldn’t reach a unanimous verdict in another murder trial, where police were unable to produce a phone or shell casings.

“It’s the Stone Age again,” said Douglas Huff, president of the Dallas Criminal Defense Lawyers Association.

“This has pretty extensive implications,” he said. “Ultimately, all of this is causing horrendous delays and a clear message is that justice that is delayed is justice that is denied.”

The ransomware attack initiated by the group Royal on the city of Dallas has stretched into a third week, downing several departments. The city has said it could take weeks or months until services are fully restored.

While the county, which administers the courts, is not directly affected, some cases could be paused because electronic evidence catalogs are inoperable, communication is breaking down and internal police share drives and servers are compromised, according to attorneys.

Before the attack, the Dallas Police Department’s digital media evidence team was already sorting through hundreds of murder and capital murder cases to look for deleted digital evidence — an “incredible problem” affecting people accused of crimes, Huff said. That review is now on hold, according to police spokeswoman Kristin Lowman.

Claire Crouch, a spokeswoman for the Dallas County District Attorney’s Office, said Wednesday that it would be impossible to determine whether any cases would be affected by the ransomware attack.

The next day, the office sent out a news release saying prosecutors are working with Dallas police to “mitigate the impact.”

“We understand that timeliness is crucial in maintaining public safety and public trust, and we remain resolute in our dedication to upholding the law and ensuring that cases are filed and prosecuted effectively,” the statement Thursday said.

“We anticipate that the longer this goes on, the greater chance for obligations on the DA’s part will be affected.”

Lowman said city officials are working to bring the police evidence cataloging software back online. Without elaborating, she said police are manually accepting, inventorying and retrieving evidence, and the property unit is locating evidence.

The department did not immediately respond to a request late Thursday afternoon for comment about specific cases cited by defense attorneys as having inaccessible evidence.

Additionally, the city’s municipal courts have slowed to a crawl. According to a notice posted on the Dallas Municipal Court’s website, there will be no court hearings, trials or jury duty for the duration of the outage.

My previous inclinations had been to say that Dallas must be confident in its ability to recover from the attack without paying the ransom. I’m less sure of that now, but even if that is still the case, it’s not so good if the recovery in question takes that long. Degraded services aren’t much better than unavailable services.


16 Responses to Dallas data leak threatened by ransomware attackers

  1. I hope Harris County is much better prepared against cyber attacks than Dallas, but I doubt it considering who Commissioners Court had running HC Universal Services. With Mr. Noriega finally fired, let’s hope Judge Hidalgo and Commissioners Court prioritize applicant qualifications over politics (this time) when they select his replacement. For more, see my blog post link below:


  2. Manny says:

    What utter nonsense to conclude that the person on top is to blame?

    I guess Abbott is responsible for all the crimes in the state.

    Is Musk responsible for the rocket exploding?

    Why come to what is considered a Democrat blog to promote fascist party propaganda?

  3. C.L. says:

    A viewpoint or opinion or determination other than your own is now considered fascist party propaganda ?

    What a strange, strange place we now all occupy.

  4. Manny, when the new top I.T. guy, Mr. Noriega, runs off 23+ Harris County JWEB veteran employees (database administrators, programmers, QC staff, business analysts), he is directly responsible for the inevitable fallout (see media link below for details). If Mr. Noriega had any expertise at all in the I.T. field, maybe he could have done a better job. Instead, IMHO, he was just another incompetent, unqualified, political crony appointed to a top county position.

    Also, “fascism” is generally defined as a political movement that embraces far-right nationalism and the forceful suppression of any opposition, all overseen by an authoritarian government. There’s nothing about my moderate-viewpoint political blog that is fascist or promotes fascist propaganda.


  5. Manny says:

    Greg, your conclusions are not logical?

    Is he responsible for what happened in Dallas?

    Is Musk a programmer?

    Abbott is an attorney, what did he know about managing a state?

  6. Manny, President Truman (“the buck stops here”) is rolling over in his grave. Just kidding. Managers can delegate authority, but not accountability. In this case, Mr. Noriega was appointed to run a complex, highly technical county department. He then ran off a lot of his veteran JWEB staff, even though he had no I.T. expertise himself. Without an I.T. background, Mr. Noriega may not have even understood how his actions were going to eventually impact operations. When the JWEB system eventually crashed, five county department heads, including three elected county officials (all Democrats), publicly accused Mr. Noriega of mismanaging HC Universal Services. Still, Commissioners Court members continued to support their political appointee until the sexual harassment fiasco came out this week. I think we can both agree Mr. Noriega was probably not the best person for the job.

  7. Ross says:

    If it took 23 people to support JWEB then something was seriously wrong. It shouldn’t take more than 6 or 7.

    Greg, your blog doesn’t read like a Democrat blog at all.

  8. Ross, I would agree it doesn’t read like a liberal or progressive Democratic blog. There are many moderate Democrats out there that believe the Democratic Party has moved too far to the left and we would like to see the Party move back towards the political center. To that end, most HarrisCountyDemocrats.com blog posts reflect a moderate’s viewpoint on current issues (e.g. abortion, immigration, border security, crime, taxes, gun control, the economy, the homeless, the county jail). Another difference is that we are also more willing than most Democratic blogs to call out our own political leaders when they falter and could hurt the local Party (e.g. corruption scandals, wasteful spending, no-bid contracts, reckless bail bond practices). Just because Republicans often nominate, vote for, and support horrible politicians (e.g. Trump, Paxton, Cruz) doesn’t mean we should give our duds a free pass. Instead of an echo chamber, we offer candid opinions and feedback. Anyway, anyone who doesn’t like the blog can just click on something else. Still, our readership climbed quite a bit last year leading up to the mid-term elections. I hope that pattern continues next year.

  9. Manny says:

    C.L. are you defending fascists and their beliefs?

    Don’t you think that Republicans have become fascists?

    Maybe it is the hair?

  10. Manny says:

    Greg, we don’t have to drag our side through the mud; the other side, the fascist side, will do a darn good job of it. Even when it is not true, they just make up stuff.

  11. Manny, Republicans often give their own politicians a free pass, no matter how unethical or corrupt they may be (e.g. Trump, Santos, Paxton). Democrats don’t. That’s a fundamental difference between the Parties. We actually expect our politicians to do a good job, and we try to hold them accountable when they don’t. That’s a feature in our Party, not a bug.

  12. Manny says:

    Greg, What does that have to do with you dragging Democrats through the mud? What does the firing of Noriega have anything to do with your bad-mouthing (writing) about Hidalgo and the commissioners?

    Why not use those writing skills to go after Republicans? Start with any of them that voted against impeaching Trump.

    If one disagrees with you, they are too far to the left. Join Bill King.

  13. C.L. says:

    A member of a political party, or an individual who (internally) aligns with a political party, can’t hold a viewpoint or opinion or determination that may be perceived as criticism of said party ?

    What a strange, strange place we now all occupy.

  14. Manny says:

    C.L., glad you came out of the cave.

  15. Pingback: Dispatches from Dallas, May 26 edition – Off the Kuff

  16. Pingback: Yet another Dallas ransomware update – Off the Kuff
