Dallas County is warning over 200,000 individuals that the Play ransomware attack, which took place in October last year, exposed their personal information to threat actors.
The Play ransomware group listed Dallas County on its extortion site.
The Play ransomware gang added Dallas to its dark web extortion site, threatening to leak the stolen data, including private information from numerous departments. A few days later, the city identified the event in a statement on its website and, when Play published the data in November last year, assured the public that it was investigating the leak.
Moreover, Dallas established a specialised call centre in January because of the length of the stolen data review and public concern. The website was updated yesterday with new information on the event, including the number of affected persons: 201,404.
The confirmed data types exposed to the threat actors include full names, Social Security Numbers, dates of birth, driver’s licenses, state IDs, taxpayer IDs, medical information, and health insurance information.
Those with compromised SSNs and taxpayer identification numbers will receive 24 months of credit monitoring and identity theft protection.
Furthermore, the county has strengthened its networks with several security measures, such as deploying Endpoint Detection and Response (EDR) solutions across all servers, requiring password changes, and blocking malicious IP addresses, to prevent similar events from occurring in the near future.
Dallas County and the City of Dallas have been the subject of various cybersecurity incidents in recent months. In November last year, a Dallas County employee fell victim to a social engineering campaign by BEC hackers, who submitted a fake payment of $2,400,000.
In another incident last year, the City of Dallas became a victim of a Royal ransomware attack, forcing it to shut down some parts of its IT infrastructure, including police communications. Researchers discovered that the group was printing ransom notes on the city’s printers, which had fallen into the attackers’ hands.
It was then discovered that Royal operators used stolen account credentials to maintain persistence on the compromised systems from April 7 to May 4. During the attackers’ stay within the system, they successfully exfiltrated more than 1 TB of data.
Residents should be careful not to engage with unsolicited communications, since the Play ransomware group could use the stolen information to conduct targeted phishing campaigns.