Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Tulsa Says Network Hack Gained Some Social Security Numbers

Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said.

Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said.

The hackers got Social Security numbers for 27 people in the cyberattack Tulsa detected May 6, Michael Dellinger, the city’s chief information officer, said Tuesday.

The city said in June that the hackers had gotten into files that included other personally identifiable information, such as names, birth dates, addresses and driver’s license numbers, but not Social Security numbers. But further investigation revealed more.

“As you can imagine, it takes time to thoroughly analyze every file,” Dellinger said.

Dellinger said the Social Security numbers that were hacked had been included in online police reports submitted between Jan. 1, 2015, and May 6 — when the city found out about the attack.

“While normally not included on online police reports, the team identified 27 instances of Social Security numbers being put into a free form text field” that were accessed, Dellinger said.

The city is trying to reach the 27 people whose Social Security numbers were hacked, he said. Any resident who filed a police report online can go to www.cityoftulsa.org/cyber to find out if their information was released on the dark web.

Advertisement. Scroll to continue reading.

“If you received a ticket in the field, these records were not released,” according to Dellinger.

More than 18,000 hacked files were posted on the dark web with other information such as names, dates of birth, addresses and driver’s license numbers.

The city shut down its network when it discovered the hack, which primarily affected those trying to pay water bills.

All public-facing services have since been restored and the entire network is expected to be fully functional by Sept. 15, Dellinger said.

Dellinger said the city knows who was behind the hack but that the group will not be identified because it is seeking publicity.

Related: Alabama City to Pay $300,000 Ransom in Computer System Hack

Related: Durham City, County Recovering After Ransomware Attack

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.