City creates online search tool for residents to see whether their data was made public in ransomware attack

Twenty-seven Social Security numbers were released onto the dark web by the hackers behind the ransomware attack on the city of Tulsa, officials announced Tuesday.

The Social Security numbers were included in the nearly 19,000 files — most of them online police reports completed by residents — that hackers made public in June, nearly two months after the April 21 attack on the city’s computer systems.

Michael Dellinger, the city’s chief information officer, said the city is sending letters to each person whose Social Security number was released. The city has also established an online search tool residents can use to determine whether their personal information has been made public.

The lookup tool is available at cityoftulsa.org/cyber.

“Basically, citizens can go online, and they can enter two identifying pieces of information, like their name, their date of birth, into a search, and it will tell them what was released, like their name, their address, their ZIP code, things like that,” Dellinger said.

The online police reports that were made public date from Jan. 1, 2015, through May 6, 2021 — the day the city became aware of the attack and shut down its systems.

Dellinger encouraged those using the lookup tool to do multiple searches using different personal identifiers to ensure that the search is as thorough as possible.

Other personal information from the online police reports made public by the hackers includes names, addresses, dates of birth and driver’s license numbers.

“I would like to stress that if your information was released on the dark web, you should take precautions,” Dellinger said. “You should contact all three credit bureaus and issue a credit freeze or a fraud alert. You should monitor your financial accounts and credit reports.

“And you should get with your credit and debit card companies and consider issuing fraud alerts.”

Dellinger said the city should have its computer systems fully restored by Sept. 15, about six weeks earlier than expected. Nearly all of the city’s out-facing services are back online, as are all public safety systems.

The hackers breached the city’s computer system through what appeared to be an innocuous email with a PDF attached, Dellinger said.

“Then they actually have codes behind that document that in essence embeds itself into your organization and beacons,” he said. “Basically, it will beacon out for somebody to connect, and that is actually how they gained entry.”

City officials declined to name the hackers Tuesday, saying they did not want to give the organization any publicity or help to perpetuate its work.

Cybersecurity experts who reviewed data provided by the Tulsa World earlier this month said it is likely the attack was executed by Conti, a network of hackers with roots in Eastern Europe and Russia.

Approximately 40% of the city’s 471 servers were damaged — or encrypted — in the attack and, as of early July, the city had spent $315,000 restoring the system and installing additional security.

“This was a well-crafted attack. Organizations like this tend to customize the attack to your defenses, and that is what happened in this particular case,” Dellinger said. “So what we have done is we have added additional layers onto our actual security protocols as well as added additional monitoring to hopefully catch someone doing this in the future.”


kevin.canfield@tulsaworld.com

