Dallas County reviewing data leaked by ransomware gang

Dallas County is in the process of reviewing information leaked by a ransomware gang claiming to have attacked the county last month.

In a statement, Dallas County Judge Clay Lewis Jenkins told Recorded Future News that county officials are aware that the ransomware gang that claimed the attack on their systems has posted purportedly stolen data.

“We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact. Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation,” Jenkins said.

The Play ransomware gang, which is behind several headline-grabbing attacks this year, posted the information it claims to have stolen on Tuesday morning. The gang said it was posting 5 gigabytes of data and would post more “if there is no reaction.” They have not said how much data was stolen in total.

#Play has released data that is claimed to relate to #Dallas County. #ransomware #dallascounty 1/2 pic.twitter.com/D0usRlZTcv

— Brett Callow (@BrettCallow) November 7, 2023

Dallas County officials have said they first noticed the attack on October 19. The county is the second-most populous in the state of Texas, with 2.6 million residents. It is home to Dallas, the ninth-largest city in the country, which has already dealt with its own ransomware attack in 2023.

The county provided an update on November 1 claiming its IT team “interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems.”

“It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems,” the county said last week.

But in a message posted to its website on Tuesday, the county acknowledged that residents, employees, and partners are concerned about the potential for sensitive data to be leaked.

“Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation,” they said.

“As the investigation progresses, when our review determines personal information has been involved, we will notify the affected individuals directly.”

They pledged to provide more updates in the coming weeks and urged county residents to visit the Federal Trade Commission's website for identity theft.

While the county appears to have avoided the kind of costly remediation measures that the city of Dallas spent millions on earlier this year, data theft continues to be one of the most damaging aspects of ransomware attacks.

Emsisoft ransomware expert Brett Callow noted that of the 73 reported ransomware attacks on local governments this year, 41 involved data theft.