City of Tulsa investigation concludes personal information not accessed during hacking scare

TULSA - City of Tulsa officials say personal information was not accessed during a hacking scare involving the city's website.

Officials mailed around 90,000 letters, warning people their information may have been at risk after one of the main servers was thought to have been hacked, prompting the shutdown of the city's website.

According to the letter , personal information, such as a person's name, address, social security number and driver's license number, " may have been accessed."

After an investigation, officials have confirmed personal information was not accessed by an unauthorized user.

However, in order to comply with state notification laws, the city mailed the letters as a precaution.

"We are dedicated to the security and protection of our employees and citizens first," said Jim Twombly, city manager. "We had to treat this like a cyber-attack because every indication initially pointed to an attack."

Officials say a third-party firm contracted by the city of Tulsa's IT department periodically attempts to access the city's networks to identify vulnerabilities. 

An unfamiliar testing procedure was used, which was initially thought to have been a hacking attempt.

The firm has confirmed no personal information was accessed.

"The good news is that we can now confirm that no personal information was accessed by an unauthorized source," said Mayor Dewey Bartlett.  "In addition, we have used this opportunity to enhance our network security and strengthen processes that we would use to identify potential breaches."

The incident cost the city about $20,000 to mail the warning letters to those potentially impacted, but in response, Twombly said, "Again, our first priority, based on the information we had, was to notify and help protect those individuals."

Print this article Back to Top