After months of claiming there was no evidence that alleged cybercriminals have released employees’ personal information, the City of Dallas acknowledged that the purported ransomware attack in early May allowed hackers access to human resource data.
As previously reported by The Dallas Express, City officials claimed a ransomware attack carried out by the group Royal affected multiple computer systems, leading to temporary disruptions of City services — including emergency response communications. The purported hackers also threatened to publish the personal information of City employees.
“We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients’ information and thousands and thousands of governmental documents,” wrote Royal on its dark web blog.
City Manager T.C. Broadnax emailed City employees on Tuesday, offering few details as to whose data might have been exposed and what personal information could have been gleaned from the alleged hack. However, he did note that some of the data was “benefits-related,” according to The Dallas Morning News.
“We’ve learned that some information maintained by the city’s Human Resources department was accessed by the unauthorized third party responsible for this ransomware incident. We will be making the appropriate notifications in accordance with our obligations,” wrote Broadnax, CBS News Texas reported.
Broadnax’s notification will likely put him at greater odds with some of the City employee unions that have been criticizing him over his handling of the alleged ransomware attack and its fallout.
In a May letter to Broadnax, Dallas Police Association President Mike Mata and Dallas Fire Fighters Association President Jim McDade claimed the city manager’s office had been misrepresenting the extent first responder services were affected by the alleged ransomware attack.
“Your office repeatedly stated that our operations were not affected in any way and that was flat out false … [T]he city manager’s office was warned in the past few years that the systems in place in Dallas were not sufficient and susceptible to attack and still nothing was done to both protect the city and its employees,” wrote Mata and McDade, as previously reported by The Dallas Express.
The seeming lack of transparency on the part of the City has been an issue for residents, with a plurality of respondents in a poll conducted by The Dallas Express indicating they think officials should be more forthcoming.
“We understand the concern this incident may cause and please know we are working to provide the necessary resources and support for our employees,” wrote Broadnax in the email to City employees.
The city manager’s notification did not mention what departments may have been affected by the exposure of human resources data. The City currently employs more than 13,000 people, according to DMN.
