DALLAS — More than 200,000 people had their personal information, such as Social Security numbers, medical information, health insurance information, and other information exposed in a Dallas County ransomware attack in October, county officials confirmed this week.
According to a notice published Wednesday on the Texas Attorney General’s website, 67,701 Texans were impacted in the data breach and notice was provided to consumers.
County officials said they became aware of the incident Oct. 19, took steps to contain the incident and began working with third-party cybersecurity experts to investigate the incident and began notifying those impacted July 10. Those impacted are eligible for two years of free credit monitoring and identity theft protection services.
A ransomware cybercrime organization known as “Play” claimed responsibility for the cyberattack in November and data allegedly taken during that attack was published online. Since the cyberattack, the county says it’s implemented new measures to secure data, including mandating password changes and blocking suspicious IP addresses, among other changes.
“The County might hold information about individuals for several reasons: they could be a resident, an employee, or they might have received services from or interacted with one of our agencies (e.g., Department of Health and Human Services). Additionally, the County participates in data-sharing agreements with other organizations to enhance the services we offer to our residents and the public,” a notice on the county website about the information potentially involved reads. “While the information affected by this incident varies based on the individual and their association with the County, this incident primarily involved the following information: name; Social Security number (SSN); date of birth; driver’s license/state identification number; and taxpayer identification number. For some individuals, certain types of medical information (e.g., diagnosis or conditions information) and health insurance information may be involved.”
Those who suspect their information may have been impacted in the data breach are asked to call 1-888-330-2852.
It’s not the first cybersecurity issue impacting Dallas. Last May, the city suffered a ransomware attack that crippled city systems for months and exposed information related to more than 30,000 people connected to the system.