The initial cleanup from a May ransomware attack that took most of Dallas’ services offline and disrupted operations for weeks bears a heavy financial cost for the city’s taxpayers.
The Dallas City Council on Wednesday approved a payment of almost $8.6 million to pay vendors for services linked to the cyberattack. The city did not name all of the vendors but previously identified CrowdStrike as its incident response partner.
The bill covers invoices from “various vendors for emergency purchases of hardware, software, professional services, consultants and monitoring services,” the city said in a statement.
The attack also raised significant personal data privacy concerns for city employees and their family members. The personal data of more than 26,000 individuals was compromised as part of the attack, including names, addresses, social security numbers and medical and health information, according to a data security breach report Dallas filed last week.
Dallas said it didn’t confirm files containing sensitive information on individuals were compromised until June 14. The threat actor intruded the city’s network and exfiltrated data between April 7 and May 4, Dallas said in an update earlier this month.
The city filed the data breach disclosure almost two months after it first learned PII was exposed.
Royal, the threat actor responsible for the attack against Dallas, previously threatened to leak sensitive data if the city didn't pay the ransom. A follow through on that threat remains uncorroborated.
Service availability remained unsteady throughout May but by early June the city said systems were more than 90% restored.