Computer hackers stole nearly 1.2 terabyte of data — equal to roughly 819,000 files — stored by the city of Dallas over a month this spring, officials say.
An internal review of Dallas’ ransomware attack determined files associated with the breach were on roughly 996 of more than 15,000 computers, servers and other devices connected to the city’s network, Bill Zielinski, the city’s chief information officer, told The Dallas Morning News on Tuesday. He said 230 servers and 1,168 workstations were also hit during the attack. One hundred servers were ultimately removed from the city’s network.
“As part of the remediation and restoration activity, every server, workstation and other host device was thoroughly reviewed for potential impact,” Zielinski said.
The amount of data leaked is some of the newest information about the ransomware attack that the city has released to the public. It was included in a slideshow presentation that Zielinski and other city officials are scheduled to give to the Dallas City Council Wednesday. But the city still does not specify what files were stolen or how hackers were able to have access to Dallas’s network from April 7 until being discovered by the city on May 3. It also doesn’t clearly explain several other aspects of the attack and the city’s reaction to it.
Dallas holds nearly four petabytes of data, according to the city. One petabyte equals 1,000 terabytes. Zielinski said the leaked data makes up .0003% of the total amount of data held by the city. He noted that the total includes “hundreds of millions of files of varying sizes,” from text documents to large videos.
In the case of the attack, hackers accessed some of the most sensitive information stored by the city, including medical information, health insurance information and Social Security numbers of Dallas employees, retirees and their relatives. The personal information of at least 30,253 people was exposed, though city officials believe that number could increase later this year after further review of the data breach.
In a memo to the City Council, Chief Financial Officer Jack Ireland said city officials would disclose more details about the attack during a closed session meeting Wednesday because of concerns over cybersecurity. He said the city would publish a more detailed report of what happened after the City Council meeting.
“As there is still an active federal criminal investigation into the threat actor, some information is limited in distribution,” Ireland wrote.
Royal, the ransomware group city officials have identified as the culprits of the cyberattack, were encrypting files and made ransom requests, the slideshow said. It’s not clear how much money was requested from the city or if any ransom has been paid.
The hacker group has publicly threatened to release city employees’ personal information, but that hasn’t appeared to have happened as of Tuesday.
The hacking impacted all city departments, the slideshow said, and Dallas is described as being 99.9% recovered from the attack.
“As of the date of this memorandum, services have been restored and IT operations normalized,” Ireland said in his memo.
The city last month sent 27,000 letters to people impacted by the data breach informing them of the leak and offering them two years of free credit monitoring.
The City Council on Aug. 9 approved setting aside nearly $8.6 million to pay vendors for hardware, software, incident response and consulting services in response to the ransomware attack.
The city has been criticized by some for how it has communicated information about the ransomware attack, with city officials saying they knew personal information was exposed as early as June 14, but didn’t send any public notification about it until a month later.
City Manager T.C. Broadnax and other officials have defended the delay, saying it was necessary for city officials to be as precise as possible about what data had been accessed and who was affected.