Dallas County Data Incident from Computers Sold at Auction

Dallas County Data Incident from Sold Computers

Table of Contents

Background

Last month, Dallas County released a notice disclosing that Dallas County computers were sold at auction that did not have their hard drives securely wiped. The computers sold at auction included computers from Dallas County Sheriff’s Department and other Dallas County departments. The notice states that there could be personally identifiable information (PII), criminal records information, and protected health information (PHI) of Dallas County residents on these computers.  
Dallas County set up a website to provide updates on the situation, started the process of recovering these computers, and set up a dedicated call center for individuals to call if they have questions.  

Data Loss Prevention (DLP) focusses on preventing this type of accidental data disclosure. For enterprise environments, DLP strategy can be quite comprehensive and focuses on network, cloud, and endpoint data protection, along with various compliance requirements like PHI for HIPAA requirements.  The more immediate and personal concern in this data loss incident is identity theft. 

Identity Theft Response Best Practices

There a various steps that can be taken in response to identity theft. One way  check if an email or phone has been part of data breach is to to check: https://haveibeenpwned.com/. Dallas County’s website also mentions that identity theft victims, under the Fair Credit Reporting Act, have additional rights including free credit file disclosure and the ability to place a fraud alert on a credit file. The Dallas County Data Incident notice lists these 5 best practices in response to a possible data breach incident:

  1. Register for Identity Protection Services. 
  2. Review Your Accounts for Suspicious Activity 
  3. Order a Credit Report 
  4. Contact the Federal Trade Commission, Law Enforcement and Credit Bureaus   
  5. Request Fraud Alerts and Security Freezes 

Securely Wiping Computer Data Best Practices

There are some common methods to securely wipe data before selling or disposing of a computer. Reinstalling a new operating system copy erases hard disk drive (HDD) data, but not solid-state drive (SSD) data. Encrypting SSD data prevents data recovery. Windows users can use BitLocker or Windows Device Encryption. BitLocker is a Windows encryption technology that protects data from unauthorized access.  
Windows users can also wipe data on their computers with the “Recovery” and “Reset PC” options. Mac users can enable FileVault for data encryption and wipe data through the “Disk Utility” option.