The Oklahoma Tourism and Recreation Department on Tuesday said it recently received notice that an unknown individual was claiming to have stolen data from TravelOK.com and related websites.
Officials believe the potentially affected visitors’ account information includes names, dates of birth, mailing addresses, phone numbers, and email addresses, according to a news release.
No visitors’ or Oklahoma residents’ Social Security numbers or financial data were affected by the incident, the agency said.
Upon discovery of the incident, the tourism department immediately contacted Oklahoma Cyber Command within the Office of Management and Enterprises Services and launched an investigation.
As a precaution, the tourism department took the system with the potential vulnerability off-line.
Oklahoma Cyber Command’s investigation into the nature and scope of the incident is ongoing.
The tourism department said it does not collect or otherwise store Social Security numbers.
All financial data provided by customers for purchases through the department are processed by secured third-party vendors and the department does not receive or store any financial information, it said in the release.
The tourism department is working with Oklahoma Cyber Command to ensure that the security of the information stored on its systems is protected. The department also is engaging third party specialists to conduct further investigations.
The tourism department’s system for TravelOK.com and related websites are comprised of a standalone system, managed wholly within the department, and are not linked to any other State of Oklahoma systems.