After first finding out in June that personal, sensitive data was accessed in the May 3 ransomware attack on Dallas city servers, the city has informed state officials that over 26,000 people, which includes members of the public, were impacted by the attack.
“The information included your name, address, SSN, Date of Birth, Insurance Information, Clinical Information, Claims information, Diagnosis, Other Identifier,” according to a letter sent to those whose data was breached.
Dr. Murat Kantarcioglu, a computer science professor at UT Dallas and the director of the university’s security and privacy lab, said there is a high probability any data breached by the hackers during the ransomware attack on the city will eventually result in identity theft or identity theft attempts.
“If you were a past employee or dependent of an employee of the of the city, I would assume even if you don’t receive the letter, you would be hacked,” he said. “This data will be sold, resold and so on. There may might not be [theft] now, but there may be in the future.”
Here’s what you should do if the city tells you your personal data has been breached:
The city is offering “a complimentary two-year membership” to a credit monitoring program “Equifax™ Complete Premier.” The city said enrolling in the program is optional and will not hurt participants’ credit scores.
“Equifax also will help you resolve issues if your identity is compromised,” the letter said.
Letters from the city informing individuals they have been affected also include steps you can take to protect your personal information. The city says people can place a fraud alert and security freeze on their credit files and obtain a free credit report to help protect their sensitive personal information.
In general, cybersecurity experts recommend individuals freeze their credit as soon as they learn their data may have been vulnerable to an attack.
Kantarcioglu said anyone who worked or previously worked for the city of Dallas should immediately freeze their credit and stay on high alert for any emails or phone calls discussing billing, company accounts or any other communications from unknown senders.
“I would advise them to not believe any email or phone call at this time and always verify,” Kantarcioglu said. Once a cybercriminal has access to a person’s social security number of other information, they can create emails, phone calls or other communications that appear to be legitimate, Kantarcioglu said.
“These scams are very credible,” he said.
If you receive a phone call asking you about your account or a billing issue, Kantarcioglu said you should hang up and call the company back directly at the phone number listed on any recent bill you received.
Kantarcioglu also says he freezes his own credit as a precaution, and said it’s easy to unfreeze it with a simple password.
“Freezing your credit would be the first thing I would do without waiting,” he said.
The city said the Equifax program includes “up to $1,000,000 identity theft insurance coverage for certain out-of-pocket expenses resulting from identity theft and fully managed identity theft recovery services.” An activation code for the program should be included in the information mailed to those affected.
“You should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis,” the letter said.
Lastly, the city recommends calling their toll-free response line at 833-627-2708 from 8am to 8pm on business days.
“The privacy and security of your information is important to us, and we sincerely regret any inconvenience or concern this incident may cause you,” the city said.