The Dallas City Council Wednesday agreed to pay $8.5 million for expenses related to the ransomware attack first revealed in May.
Officials have declined to say publicly if any ransom is included in the expenses so far. And, it is unclear just how many residents may be impacted by leaked city data.
Officials did confirm Wednesday that 27,000 city employees, retirees and their dependents have received notices that their social security and medical information was accessed.
Dallas Firefighters Association President Jim McDade said he received a letter for himself but also one for his son.
“My son is 10. Now I have to worry for the next however long that something is going to be done with his information,” McDade said.
Southern Methodist University Cyber Security Expert Mitch Thornton said that worry is justified.
“I do see his concern and agree with it,” Thornton said.
Cybercriminals may demand ransom from targets like the city of Dallas to restore hacked operations but they may also profit by financial fraud with the data they steal.
“They can use it themselves to try and open credit lines. Or typically they would post this information or the availability of it on the dark web and then sell it to other criminals,” Thornton said.
In May, the city struggled to get crucial operations like emergency dispatch working again. City courts and many other functions were crippled.
Details were left unclear about the $8.5 million approved Wednesday except for a general description of expenses for software, hardware, forensics experts and two years of credit monitoring for people now getting those letters.
There may be more people connected to the leaked city-data.
“Or even, general residents of the city. What message should we be sharing with them,” Councilmember Jaynie Schultz said.
The one official providing answers in public Wednesday was Assistant City Manager John Fortune.
“So I would just say, this is still an ongoing investigation. We’re still evaluating the magnitude of those individuals who might have been impacted,” Fortune said.
The council went to a closed-door executive session to discuss additional issues regarding the ransomware attack including consultation with lawyers.
“They’ve been hiding behind closed doors and discussing this in executive session all along,” McDade said. “I was angry two months ago, three months ago. I’m frustrated and disgusted at this point. And the amount of information that was out there and the lack of transparency has been one of my biggest issues.”
McDade said officials have told him they learned which individuals were affected by leaked information around June 14. He said some firefighters have found suspicious activity on their accounts in recent weeks before the city got around to sending letters.
Thornton said there is some reason for secrecy around a criminal investigation and a ransomware attack to avoid unnecessary panic.
“I can understand why they would want to be careful before they notify people. On the other hand, I would hope our city officials would notify people as soon as possible,” Thornton said.
City Councilman Chad West said he wants the city to extend the credit monitoring help for longer than 2 years and he is marking his calendar to revisit the issue before then.