Undetected Third-Party Accesses City of Dallas Servers for Over a Month #ITCouldBeWorse

It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. At PK Tech, our goal is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware – without being afraid – of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity. 

This month, we’re highlighting an attack on the City of Dallas, which says a third party downloaded city data from their servers undetected for over a month as part of a major ransomware attack.

What happened, what was the fallout, and why should you care? 

We’re covering it all here. Let’s dive in.

What the “Hack” Happened? 

According to the City of Dallas, a third party had access to city systems from April 7 to May 4, 2023, without any incidents being detected until May 3. The unauthorized actors downloaded city data from servers as part of a major ransomware attack on the city. No incidents were detected for nearly a month, leaving outstanding questions about the data lost and individual privacy affected.

The Fallout

Since discovering the attack on May 3rd, the city has launched an internal investigation as well as recruited the help of a team of cybersecurity professionals. The goal is to discover the cause of the incident and review any information jeopardized or lost.

As part of the investigation, city officials and cybersecurity teams carefully reviewed each system and each device to ensure they were free of malware installed by third-party actors. This meant addressing every computer, including those in city-issued police cars and fire department vehicles.

During the investigation, many of the city’s operations had to run without the help of technology. All reports, including crime scene reports, were being handwritten and manually entered. Police officers and other city personnel were racking up extra hours every day, manually uploading reports without the assistance of IT systems that were down for investigation.

As of June 14, the investigation concluded that malicious third-party actors accessed files containing sensitive information. This included full names, social security numbers, addresses, clinical information, and insurance information. 

As the investigation continued, the city worked to notify residents and city employees who may have been affected by a breach of privacy.

In late June, the City of Dallas invested $3.9 million in a “threat and anomaly detection system.”

Lessons Learned #ITCouldHaveBeenWorse

As far as the city currently knows, fraud and identity theft were avoided during the month-long incident. In the spirit of caution, however, the City of Dallas is providing affected individuals with two years of free credit monitoring and identity theft protection services — a wise move in the spirit of liability. 

The city also put more security measures in place so it doesn’t happen again – another wise move on their part. In the world of ransomware attacks, there is always the goal of avoiding attacks altogether and then the goal of quickly detecting attacks if and when they do occur. In the case of the City of Dallas, they failed on both points.

While the city still scrambles to find out why and how the attack happened in the first place, a double failure (the attack occurring and the inability to quickly detect it) could have led to much worse consequences. Overall, the City of Dallas survived without significant negative fallout, prompting us to repeat our favorite line, #ITCouldBeWorse.