In August, We Learned The Dallas Police Department Lost 22 Terabytes of Data, Prompting An Investigation. Do You Know What Happened? Let’s Dive In.
When it comes to the Dallas Police Department data crisis — a pretty major story, actually! — there’s a lot of coverage out there.
That’s fine, and even good, but it has been making navigating the situation as a reader a little overwhelming. You may find yourself at a get-together engaging in small talk when someone brings up lost evidence and terabytes, leaving you thinking, “Shit. I just scrolled past those articles.”
Don’t fret! Here, we’re laying out your potential questions and giving you the Cliffs Notes on the lost data deal, so you can now be in the know.
With technical help from the FBI, the city’s IT Risk Management Department published the initial 131-page report of the investigation into the data loss on September 30, and that’s where we’ll find most of the answers.
First off, exactly what kind of data was lost, and what does that look like?
Basically, it’s a wide array of evidence that was archived by the DPD — such as case notes, videos, pictures and audio.
Of the 22 terabytes lost — a full eight million records in total — 14 of those terabytes were recovered, meaning another eight TBs of evidence permanently lost. If you need that put into perspective, know that just one terabyte can hold 250,000 photos, 6.5 million documents or 500 hours of HD video.
Both original and backups were deleted from the server, so the hope of recovering more files lies in the chance of copies existing on police laptops.
So, whose fault was it?
An IT person. One. That’s it.
While transferring data from DPD’s server to an on-site data archive, this employee didn’t follow the correct protocols, and they accidentally deleted the files.
Yes, the worker has since been fired.
During a recent city council meeting, the police department said they couldn’t prove whether or not this individual had criminal intent, but the FBI has since started an investigation into the ex-employee.
On a wider scope, the blame also lies on the department as a whole for not having necessary disaster recovery procedures — and, well, just careless supervision. In an audit conducted by the city’s Information and Technology Services department, it was also found that an additional 13. 167 TBs of information had been lost in past incidents unrelated to this current one — by the same employee, no less.
According to the report, three ITS service managers had to approve the huge data transfer — which, by the way, is a risky move in and of itself — and they clearly did not understand the scope of the migration. Per the report, these managers “either did not understand the actions to be performed, the potential risk of failure or negligently reviewed the change request prior to providing authorization and approval to proceed.”
The data loss began on March 30. It was noticed by DPD starting on April 5, when users noticed missing files. This reveal blindsided Dallas City Council members and Dallas Mayor Eric Johnson when the District Attorney’s office released a memo about the data loss on August 11. District Attorney John Creuzot had only found out about the loss on August 6, a few days prior to his memo’s release.
City Manager T.C Broadnax knew in April, but for some reason didn’t think it was a big deal to share the information with anyone else. As such, Broadnax has become the a major target for critics who are pointing fingers about who’s to blame for the crisis control in this situation.
One final contributing factor to this situation? The data move decision that led to the loss was based in efforts to save money. DPD decided in March its data would be moved from a cloud-provided service to an on-site archive, as the cost for the cloud method exceeded the allocated server budgets by $22,000 per month. Of course, the report states that adequate risk assessments were not performed when the on-site data storage model was decided upon, further confirming that budget concerns were prioritized over best practices of data management.
Who was affected here?
Since this is police evidence we’re dealing with, the loss can severely impact ongoing cases — and we’re talking, like, tens of thousands of them.
In the DA’s memo, it was explained that all the affected cases are from before July 28, 2020, and don’t include “direct file” cases — which is to say cases without a detective, such as DWIs, evading arrest charges and unlawful possession of a firearm by a felon charges. What the memo doesn’t mention — but the investigation report does — is that the majority of the data loss has been in cases involving the Family Violence Unit. In other words: Cases involving child abuse have been compromised by his error.
At this point, officials believe the total number of compromised cases is 17,494, with around a thousand of those currently being viewed as priorities by the District Attorney’s office. Due to the lost evidence, though, it’s possible some cases will have to get thrown out. One murder suspect has already been released after the trial for his 2019 charge was delayed because the evidence against him had been lost.
Is the investigation over?
Not at all!
As the FBI continues to looks into the possible fault of the data-deleter, an independent investigation has been launched by the law firm Kirkland & Ellis, which has placed Erin Nealy Cox, a former U.S Attorney of the Northern District of Texas, on the case.
According to Cox, her firm’s investigation should take 60 days, plus an additional 30 days to complete its final report.
In other words, don’t expect full answers as to exactly what happened, where things went wrong, how they can be corrected and how they can be prevented in the future until at least early 2022.
So, what does this all mean for Dallas moving forward?
For the time being, like we just said in the section above, a whole lot of waiting.
Long-term, we can only hope the city learned its lesson on how it stores data, who it puts in managing positions and how it handles crises so that this won’t ever happen again. This is a situation that made the department lose credibility, and caused Dallas City Council to open its eyes and reassess how things are run at DPD.
As you might expect, officials are saying the right things for now, promising that policies will be revised.
Considering that this data loss puts justice and the general safety of Dallas citizens at risk, uh, yeah. They’d better be!