Dallas County officials are striving to determine the scope of a potentially massive data breach after discovering that personal data remained on thousands of computers sold at auction.
The sheriff's department used some of the computers, which comprised data from the county's internal criminal justice information system, a digital database of criminal cases used by prosecutors, defense attorneys, and judges.
“In this age of information, blatant violation of the Criminal Justice Information System (CJIS) rules and careless compromise of security is unacceptable,” Sheriff Marian Brown said in a Friday afternoon statement revealing the compromise.
It is unknown how many devices were impacted, whether information from other departments was compromised, where the computers went, and who is responsible for the improper disposal of information. The county has also not specified when the computers were auctioned off.
Jasmyn Carter, a spokesperson for the Sheriff's Department, stated in an email that the department is in the process of notifying the Texas Department of Public Safety, as required by law. County Judge Clay Lewis Jenkins stated that he will not comment until the "analysis is complete." District Attorney John Creuzot did not comment on the specifics of the data breach, but he expressed concern.
“I think the sheriff is correct to be concerned about information that may have remained on computers and gone somewhere else,” he said. “We should all be concerned.”
According to Brown's statement, computers from other county departments were also auctioned off. Carter stated that county staff informed the sheriff's department that steps had been taken to alleviate the situation.
There are also worries about computers that are still in the county's possession. The sheriff's office discovered that some computers that are still in use do not have proper encryption to protect criminal justice information.
Dallas County's IT staff informed Brown that steps are being taken to address the encryption issues with the current department computers, according to Carter. Dallas County is not the only entity involved in the recent mishandling of criminal justice data.
According to the Dallas Morning News, at least 13 Dallas police homicide cases could be thrown out following revelations that video evidence was permanently deleted in potentially hundreds of murder investigations dated to 2016.
Deputy City Manager Jon Fortune informed the City Council's public safety committee about the video evidence earlier this month. According to the News, an internal audit conducted in November discovered that police did not categorize 89,000 videos — 2% of the total number of videos stored on servers since 2016.
According to The News, if digital files are not properly stored, the platform may delete them. These data losses come on the heels of a separate Dallas police data mishap in which an accidental deletion resulted in the loss of 20 terabytes of data in 2021.
The sheriff's office declined to answer specific questions about the data breach.
Brown has stated that her office will collaborate with the Dallas County Information Technology Department to hold those accountable. Melissa Kraft, Dallas County's Chief Information Officer, did not immediately respond to requests for comment.