Dallas cyberattack response is eroding public trust

Three months after a ransomware attack, the city of Dallas is showing a condemnable lack of transparency that is eroding the public trust. Yes, the city needs to be cautious about the information it shares, especially during an ongoing FBI investigation, but the lack of disclosure has now plainly put Dallas residents and city employees at greater risk of harm.

We only learned this week that hackers had access to the personal information of more than 26,000 Texans, according to reporting from our colleague Everton Bailey Jr. The data breach includes names, addresses, social security information, medical information and health insurance information, according to the city’s notice to the Texas attorney general.

City officials became aware May 3 of a suspected ransomware attack. By mid-June, officials were aware that personal data had been accessed. According to our colleagues’ reporting, it wasn’t until July that City Manager T.C. Broadnax told employees in an email that some human resources data was exposed. It took the city a total of 97 days after learning of the attack to report, not to the public but to state officials, just how extensive this breach was. And to be clear, that report is required under the law.

“This is a very time-intensive process, and we apologize if it caused concern,” Broadnax told us in an emailed statement. “The initial phase of the investigation and data review was completed in late July determining whose and what information was involved in the incident. That investigation and review remain ongoing.”

As a public official, Broadnax needed to be more forthcoming through this process to provide information to the public about the potential risk and the extent of the attack. Where was the announcement to the public? Where was the press conference to offer answers to tough questions about what information might be compromised and who might be at risk?

Dallas officials needed to prepare residents for the possible consequences and lay out worst-case scenarios. Instead, they chose to share tidbits of information, with the public and even city employees guessing whether they might be affected.

The city is mailing notices to employees and residents whose information may have been stolen. This is a belated response. As we learned from our colleague Jason Beeferman’s reporting, some employees are already receiving credit alerts and unsolicited credit cards, evidence that their information may have been stolen.

It is no secret that municipalities are vulnerable to these sorts of attacks. The fact that Dallas was successfully attacked is not something to condemn, but to learn from. But the city’s response to the public and its own employees has been a failure. And that’s a shame.
