Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals.

Dallas County is the second largest county in Texas, with over 2.6 million residents.

In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments.

Dallas acknowledged the incident via a statement on its site a few days later and assured the public they were reviewing the leaked data when Play published it in early November.

As the leaked data review took a lot of time and people were concerned, Dallas set up a dedicated call center in January 2024.

Yesterday, Dallas County posted an update about the incident on its website and sent data breach notices to 201,404 impacted individuals, including Dallas residents, employees, and others who interacted with its public services.

The types of data confirmed to have been exposed vary per individual and include the following:

• Full name
• Social Security number (SSN)
• Date of birth
• Driver’s license
• State identification number
• Taxpayer identification number
• Medical information
• Health insurance information

Those whose SSNs and taxpayer identification numbers were exposed will receive two years of credit monitoring and identity theft protection services.

In response to the breach, Dallas County has implemented several security-strengthening measures on its networks, including deploying Endpoint Detection and Response (EDR) solutions across all servers, forcing password resets, and blocking malicious/suspicious IP addresses.

Dallas’ cybersecurity struggles

Dallas County and the City of Dallas have both dealt with several damaging cybersecurity incidents recently.

In November 2023, a Dallas County employee fell victim to a social engineering attack by business email compromise (BEC) scammers and sent a fraudulent payment of $2,400,000.

In May 2023, the City of Dallas suffered a breach from Royal ransomware, which forced it to take offline parts of its IT infrastructure, including police communications.

BleepingComputer learned at the time that Royal was printing ransom notices on the City’s printers, which had fallen under the attackers’ control.

It was later established that Royal operators leveraged stolen account credentials to maintain access to the compromised systems between April 7 and May 4, during which they exfiltrated over 1 TB of data.