(844) 627-8267
(844) 627-8267

‘That’s new to me’; some Council members oblivious to 26K impacted | #ransomware | #cybercrime

This week, Dallas officials via the Texas Attorney General’s filings, revealed for the first time personal information for as many as 26,212 people has been breached, a revelation that came months after the city first shared news of the May 3 ransomware attack.

The notice to the state, required by law, was the first time a number was put on the amount of people who could be impacted by the data breach. City officials have cited an ongoing criminal investigation as a reason for providing few details in the months since.

Now at least three council members say they were unaware of the huge number, and 10 others, including Mayor Eric Johnson, did not respond to requests for comment.

City Manager T.C. Broadnax also has not responded to repeated requests for comment by The Dallas Morning News.

The three council members said city officials never informed them of the widening scope of the data breach and they learned of it with the report to the attorney general, and at least one other council member said she and her husband are among the 26,000-plus impacted.

“To my knowledge, I don’t know anything about that number. That’s new to me,” Tennell Atkins, the council’s mayor pro tem, told The News on Wednesday. “I know letter notifications were sent out, but no one told us how many letters went out or (how many people were) impacted.”

Council members Zarin Gracey, Atkins and Jaynie Schultz told The News they didn’t know about the number and hadn’t been briefed by city staff about the data breach since the City Council went on recess in July.

The trio said they weren’t sure if the mayor or other council members were aware.

“I’m not prepared to speak on that at this time because I haven’t gotten fully up to speed as to how big the magnitude is,” Gracey said when asked about addressing residents’ concerns about their personal information being exposed. He encouraged people who received letters from the city starting last week – that their names, addresses, social security numbers, medical information and other sensitive data were exposed – to enroll in the free two-year credit monitoring service being offered by the city.

Schultz said she and her husband were among those who received the letters. She said her husband doesn’t work for the city and believes his data was exposed because they both have health insurance through the city. She said the notice hasn’t raised concerns for her, saying everyone’s data is “constantly under threat of being hacked.”

“I believe the city did and is doing everything possible to protect its employees and residents,” Schultz said. “But we can’t protect against everything, it’s impossible to do in this day and age.”

Council member Cara Mendelsohn declined to say whether she knew the scope of the people impacted by the ransomware attack ahead of time, but when asked if there was information reported by The News on Tuesday that she wasn’t aware of, she said, “Yes”.

“I think it’s always concerning when there’s a data leak in a data breach, and we should act as fast as possible to notify people so they can take action and the city should take action,” Mendelsohn told The News. “That’s 100% what should happen.”

When asked if she believed that happened in this case, she said, “I don’t have enough information to evaluate that.”

Council member Paula Blackmon declined to comment saying she was out of town for a conference and hadn’t yet spoken to the city manager.

The data breach was the largest disclosed by a Texas city to the attorney general’s office this year, and the tally indicates that the impact reaches far beyond Dallas’ roughly 13,400 employees.

It wasn’t until last week that the city told the public that hackers could have been downloading personal data from city servers between April 7 and May 4. Dallas officials also say they knew by June 14 that hackers had accessed personal information stored on city servers, but that fact wasn’t disclosed until July 18, when Broadnax sent an email to city employees saying some human resources department data was among information exposed during the ransomware attack.

As of Wednesday morning, the city still hasn’t publicly said all the departments that had data accessed by hackers or if non-employees who aren’t relatives of current or former workers also had their personal information exposed.

The City Council is scheduled to meet in closed session Wednesday to discuss the cyberattack. Elected leaders have met at least half a dozen times since May in closed session to discuss the attack’s impact and to consult the city attorney’s office.

Source link

National Cyber Security