In the October 2023 ransomware incident, Dallas County experienced a significant security breach, with over 200,000 individuals' personal information compromised. Among the data exposed were names, Social Security numbers, dates of birth, driver's license or state ID numbers, and, for some, medical and health insurance information. After Dallas County refused to pay the ransom, the Play ransomware group published the stolen documents, prompting the county to enhance its cybersecurity measures, including deploying EDR tools, initiating password changes, and blocking malicious IP addresses. The county also offered credit monitoring and identity theft protection to affected individuals.
Source: https://securityaffairs.com/165623/cyber-crime/dallas-county-ransomware-attack-impacts.html
TPRM report: https://scoringcyber.rankiteo.com/company/dallas-county
"id": "dal000071324",
"linkid": "dallas-county",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 200000,
                        'industry': 'Public Administration',
                        'location': 'Dallas, Texas',
                        'name': 'Dallas County',
                        'type': 'Government'}],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 200000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Dates of birth',
                                              "Driver's license or state ID "
                                              'numbers',
                                              'Medical and health insurance '
                                              'information']},
 'date_detected': '2023-10',
 'description': 'In the October 2023 ransomware incident, Dallas County '
                'experienced a significant security breach, with over 200,000 '
                "individuals' personal information compromised. Among the data "
                'exposed were names, Social Security numbers, dates of birth, '
                "driver's license or state ID numbers, and for some, medical "
                'and health insurance information. Despite refusing to pay the '
                'ransom, the Play ransomware group published the stolen '
                'documents, prompting Dallas County to enhance its '
                'cybersecurity measures, including deploying EDR tools, '
                'initiating password changes, and blocking malicious IP '
                'addresses. They also offered credit monitoring and identity '
                'theft protection to affected individuals.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security numbers',
                                 'Dates of birth',
                                 "Driver's license or state ID numbers",
                                 'Medical and health insurance information'],
            'identity_theft_risk': True},
 'motivation': 'Financial',
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Play'},
 'response': {'containment_measures': ['Deploying EDR tools',
                                       'Initiating password changes',
                                       'Blocking malicious IP addresses'],
              'remediation_measures': ['Credit monitoring',
                                       'Identity theft protection']},
 'threat_actor': 'Play ransomware group',
 'title': 'Dallas County Ransomware Incident',
 'type': 'Ransomware'}