Data allegedly from the recent cyber attack on Dallas County systems has been posted online, county officials confirmed on Tuesday.
Dallas County Judge Clay Jenkins said officials were “aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident.”
Jenkins said county officials were “thoroughly reviewing the data in question to determine its authenticity and potential impact.”
It wasn’t yet clear what specific data was accessed or posted.
The ransomware cybercrime organization known as “Play” claimed responsibility and had threatened to reveal private county documents on Nov. 3.
Jenkins had released a statement on Oct. 30 confirming that a cybersecurity attack affected the county’s systems earlier that month. Jenkins said the county became aware of an incident affecting “a portion of its environment” on Oct. 19, and said the county both immediately took steps to contain it and engaged an outside cybersecurity firm to start an investigation into the breach.
Dallas County shared in an update last week that, due to containment measures, the data exfiltration from the county’s environment was interrupted, preventing any encryption of its files or systems. County officials said the incident appeared to have been effectively contained, partly due to implemented security measures – including extensive deployment of an endpoint detection and response tool, forcing password changes for all of the systems’ users, requiring multi-factor authentication and blocking ingress and egress traffic from IP addresses found to be malicious.
See here and here for the background, and here for the county’s statement. It may be that the Dallas County IT department responded quickly to contain the malware, but not in time to stop the exfiltration. At this point we know they have some data. The logical assumption is they have more, but we’ll see. Good luck, y’all. The Record and the Dallas Observer have more.