According to the FBI’s Internet Crime Complaint Center, Texas consistently places among the top three or four states that suffer the most economic losses from cyber crime.
The area including northern Dallas and Fort Worth is referred to as “Silicon Prairie” because of the high concentration of information tech and manufacturing business there, and this concentration of businesses draws a large number of cyber attacks to the Dallas area. Here are five of the top cybersecurity breaches in Dallas and how they may have been prevented:
1. Texas Health and Human Services Commission Breach
Between 2013 and 2017, the Texas Health and Human Services Commission (HHSC) inadvertently shared the names, Social Security numbers, treatment information, and addresses of 6,617 patients. When the HHSC switched to a new server, they failed to notice that they stored data on a public server rather than a secure network, and the federal government fined them $1.6 million for their lack of HIPAA compliance.
A combination of system and process errors led to the breach. The HHSC should have worked closely with a HIPAA compliance expert during the transfer of their internal applications from one server to another. Additionally, regular audits and risk assessments could have identified the cybersecurity breach in a timely manner.
2. Omni Hotels & Resorts
When the point-of-sale systems at the Dallas-based Omni Hotels & Resorts were hit by a malware attack in 2016, hackers accessed the information of more than 50,000 customer credit and debit cards. This data breach followed similar POS attacks on other hotels and retailers such as Hyatt Hotels and Target, which seems to corroborate the hypothesis that specific POS solutions were vulnerable to malware threats.
Hotels and retailers alike became targets because of the valuable payment information they collect during the purchase process. Omni claims to have immediately hired IT experts to identify and contain the issue; however, failure to notify customers on time led to fraudulent purchases using the stolen data.
Cybersecurity strategies such as employing two-factor authentication or utilizing tech that strictly monitors systems for unnatural activity can be used to prevent point-of-sale attacks. Preventative measures such as these may have allowed Omni to identify and patch the threats before it affected customers.
3. Emergency Service Alarms Hack
In a bizarre case of a government hack in 2017, cyber criminals managed to set off 156 alarms in Dallas. The hacker(s) triggered emergency sirens, which caused widespread panic in the Dallas area. The public was especially nervous considering that the false alarm came on the heels of several global terrorist events that had happened that week. The alarms went off for about 2 and a half hours before officials shut the systems down. While the hack didn’t result in direct financial damage or stolen data, it had other dangerous consequences, including overwhelmed emergency hotlines as scared citizens called 911.
The cyber attack was contained once response team technicians cut off the power supply to the sirens. It is unclear what security weaknesses may have led to this attack.
4. Ransomware Attack on 22 Government Agencies
In 2019, a coordinated ransomware attack targeted 22 government agencies simultaneously in Texas and took control of their IT systems. Hackers asked for a collective ransom of $2.5 million to release IT systems.
However, the government agencies decided to restore their system from backup storages instead of paying the ransom and were able to eventually go back to their regular operations. As the Texas Department of Information Resources noted, most ransomware cybersecurity breaches are caused by unskilled hackers. Therefore, maintaining even basic IT hygiene can be successful in deterring attacks.
This cybersecurity breach originated from vulnerabilities of a third-party provider that was responsible for remotely managing infrastructures.
5. Department of Agriculture Breach
A data breach on the laptop of an employee of the Department of Agriculture exposed personal information from over 700 students in 2017. Personal data including names, Social Security numbers, home addresses, birth dates and phone numbers from students in 39 Texas school districts was stolen from the laptop.
The breach was caused by a malicious ransomware attack. Ransomware is most often caused by phishing emails or drive-by downloading, when a visit to an infected website can download software to your computer without your knowledge. Employee training on recognizing suspicious sites and emails can help protect against ransomware attacks, as well as strong anti-malware protection.
Learning from Cyber Attacks
Dallas businesses have a lot to learn from the cybersecurity breaches of recent years. Cyber criminals identify vulnerabilities and exploit them. Therefore, businesses can learn from past attacks to fortify their own weaknesses. Working with an experienced Managed Service Provider can help you develop cybersecurity strategies to protect against common and emerging forms of cyber attacks.