The City of Dallas has previously maintained that no employee data were leaked during the reported ransomware attack in May, but City Manager T.C. Broadnax now says hackers gained access to the information of City workers.
Broadnax told City employees in an email obtained by The Dallas Morning News.
“We understand the concern this incident may cause and please know we are working to provide the necessary resources and support for our employees,” he added.
The City confirmed the data breach in a statement sent to The Dallas Express by communications director Catherine Cuellar.
“Through the ongoing investigation, the City of Dallas became aware that some information maintained by the City of Dallas, including some benefits-related information maintained by the City’s Human Resources department, was accessed by the unauthorized third party responsible for this ransomware incident,” the statement read. “We will be making the appropriate notifications in accordance with our obligations.”
The City has long suffered from transparency issues across several departments under Broadnax’s management, as covered extensively by The Dallas Express.
As previously reported by The Dallas Express, the City of Dallas had repeatedly maintained that there was “no indication that data from residents, vendors, or employees has been leaked.”
The City held this position even after Royal Ransomware, the group that claimed responsibility for the attack, threatened to release data two weeks after the attack.
“We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients’ information and thousands and thousands of governmental documents,” the group said.
The City responded to the threat by saying, “[We] maintain there is no evidence or indication that data has been compromised.”
In the two months since Royal Ransomware made this threat, the group has not released any of the information it threatened to leak.
The FBI’s criminal investigation into the ransomware attack is ongoing, FBI Dallas office spokesperson Melinda Urbina told DMN on Friday.
In Broadnax’s email to City employees, he said that employees will receive a notice in the mail in the coming weeks with instructions on how to sign up for credit monitoring services paid for by City of Dallas taxpayer funds.
Furthermore, Broadnax suggested that employees “learn more about how to protect your data” on the Federal Trade Commission’s website.
As reported by The Dallas Express, the City has attributed persistent failures to provide accurate crime data and continued problems with the building permit process under Broadnax’s leadership to the ransomware attack that allegedly occurred nearly three months ago.
