SETTINGS

Reset High Contrast Text Only

-A A A+

Cybersecurity Notification Update

January 9, 2024

Dallas County is aware that an unauthorized party posted data claimed to be taken from our systems in connection with our recent cybersecurity incident. We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and identify any personal information contained within the posted files.

While this review process is ongoing and expected to take some time, the County has partnered with IDX to establish a dedicated call center for individuals to call should they have any initial questions relating to the incident and to obtain complimentary credit monitoring services should they have any concerns. The phone number is (800) 939-4170 and representatives are available between 8 am – 8pm Central Time, Monday through Friday.

What Can Individuals Do?

We understand the concerns that such an incident may raise among our residents, employees, and partners. We want to assure our community that we are taking this matter seriously. In addition to contacting the call center, the County encourages individuals to consider the following recommendations to protect their personal information: 

  1. Review Your Accounts for Suspicious Activity. We encourage you to remain vigilant by regularly reviewing your accounts and monitoring credit reports for suspicious activity. 
  2. Order a Credit Report. If you are a U.S. resident, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. Contact information for the nationwide credit reporting agencies is provided in the next section.
  3. Contact the Federal Trade Commission, Law Enforcement and Credit Bureaus. You may contact the Federal Trade Commission (“FTC”), your state’s Attorney General’s office, or law enforcement, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s websites at www.identitytheft.gov and www.ftc.gov/idtheft; call the FTC at (877) IDTHEFT (438-4338); or write to:  FTC Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

You may contact the nationwide credit reporting agencies at:

Equifax
(800) 525-6285
P.O. Box 740241
Atlanta, GA 30374-0241
www.equifax.com		Experian
(888) 397-3742
P.O. Box 9701
Allen, TX 75013
www.experian.com		TransUnion
(800) 916-8800
Fraud Victim Assistance Division
P.O. Box 2000
Chester, PA 19022
www.transunion.com
  1. Additional Rights Under the FCRA. You have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here.

    Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by:  (i) visiting https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.pdf; or (ii) by writing to Consumer Financial Protection Bureau, 1700 G Street, N.W., Washington, DC 20552.
  2. Request Fraud Alerts and Security Freezes. You may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.

In addition, you can contact the nationwide credit reporting agencies at the following numbers to place a security freeze at no cost to you:

Placing a security freeze prohibits the agency from releasing any information about your credit report without your written authorization. Security freezes must be placed separately at each of the three nationwide credit reporting agencies. When requesting a security freeze, you may need to provide the following information: 

    • Your full name, with middle initial as well as Jr., Sr., II, etc.
    • Social Security number
    • Date of birth
    • Current address and all addresses for the past two years
    • Proof of current address, such as a current utility bill or telephone bill
    • Legible copy of a government-issued identification card, such as a state driver’s license, state identification card, or military identification.

After receiving your request, each agency will send you a confirmation letter containing a unique PIN or password that you will need to lift or remove the freeze. You should keep the PIN or password in a safe place.

For More Information

We are committed to transparency and will provide updates as more information becomes available. All updates will be posted to this webpage. We encourage you to visit it frequently.

We regret any concern or inconvenience this matter may have caused and appreciate your patience and understanding as we navigate through this situation.

 
 

December 1, 2023

Dallas County is aware of an unauthorized party posting additional data claimed to be taken from our systems in connection with our recent cybersecurity incident. We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.

We understand the concerns that such an incident may raise among our residents, employees, and partners. We want to assure everyone that we are taking this matter seriously. Our top priority is the security and privacy of all individuals associated with Dallas County.

Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation. Once the investigation is complete and in the event that our review determines any personal information has been involved, we will notify the affected individuals directly.

We are committed to transparency and will provide updates as more information becomes available. All updates will be posted to this webpage. We encourage you to visit it frequently. Moreover, we encourage everyone to visit the Federal Trade Commission's website at https://consumer.ftc.gov/features/identity-theft. This resource provides valuable information on how to safeguard personal information.

We sincerely appreciate your understanding and patience as we navigate through this situation.

 
 

November 7, 2023

Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident. We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.

We understand the concerns that such an incident may raise among our residents, employees, and partners. We want to assure everyone that we are taking this matter seriously. Our top priority is the security and privacy of all individuals associated with Dallas County.

Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation. As the investigation progresses, when our review determines personal information has been involved, we will notify the affected individuals directly. 

We are committed to transparency and will provide updates as more information becomes available. All updates will be posted to this webpage. We encourage you to visit it frequently. Moreover, we encourage everyone to visit the Federal Trade Commission's website at https://consumer.ftc.gov/features/identity-theft. This resource provides valuable information on how to safeguard personal information. 

We sincerely appreciate your understanding and patience as we navigate through this situation.

 
 

October 31, 2023

Dear Residents and Partners,

Thank you for your inquiry. We value our relationship with you and your confidence in us.  We can share the updated information below about the recent cybersecurity incident impacting Dallas County.

Description of the Incident

As you are aware, on October 19, 2023, Dallas County became aware of a cybersecurity incident affecting a portion of our environment. Once we detected the incident, we retained external cybersecurity professionals to assist in our efforts to contain the threat, investigate the nature and scope of the attack, and enhance our security efforts to reduce the likelihood of recurrence of this type of attack.

Currently, our work with the cybersecurity firm is ongoing. While our goal is to be transparent and forthcoming with information relating to the incident, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances. Because transparency is important to us, however, we are sharing additional information relating to our containment efforts. The County will provide updates as soon as more information becomes available.

Containment and Additional Security Efforts

Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems. It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems. These measures include: 

  1. Extensive deployment of an Endpoint Detection and Response (EDR) tool across servers and endpoints connected to our network.
  2. Forcing password changes for all users to grant access to our systems.
  3. Mandating multi-factor authentication for remote access to our network.
  4. Blocking ingress and egress traffic to IP addresses identified as malicious.

Currently, there is no evidence of ongoing threat actor activity in our environment. Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County's systems are secure for use.

Next Steps

We hope the information we can provide today answers questions you may have about the incident, and we appreciate your patience and understanding as we continue to work through this process. Our team and resources are focused on completing the investigation. We will keep you apprised of relevant developments as the investigation continues through this dedicated webpage. We encourage you to visit it frequently.  

Thank you for your continued partnership and support.