$20,000 was spent by the city to notify potential victims

Oct 2, 2012 09:43 GMT

At the end of September we learned that City of Tulsa representatives started sending out alerts, notifying citizens that their names, addresses, social security numbers and other details might have been stolen by cybercriminals.

As it turns out, hackers were not responsible for the breach. Instead, it was a company hired by the city’s IT department to perform penetration testing.

Apparently, the security firm utilized an unfamiliar testing procedure which led officials to believe that it was a cyberattack, News9 reports.

“From their end, it was a routine scan. On our end, it wasn't routine,” City Manager Jim Twombly explained.

The good news is that the details of the potentially affected individuals are safe. Also, after the incident, the IT department managed to further strengthen the city’s systems, which are said to be targeted thousands of times daily by cyberattacks.

This also made officials realize that incident management for IT security should be treated just like incident management for natural disasters.

On the other hand, there is some bad news as well. First of all, the incident forced authorities to take down the website, preventing residents, businesses and visitors from using its services.

However, that’s not the main issue. Letters were sent out to the 90,000 individuals whose details might have been stolen by the so-called hackers. As expected, it’s not cheap to send out that many notifications and, as it turns out, the city spent around $20,000 (15,000 EUR) for the operation.

Another downside to this drill is that it caused unnecessary panic among citizens.

The chief information officer who failed to determine that the hack was actually part of a penetration test has been placed on administrative leave with pay. In the meantime, his position will be filled by Tulsa Police Department Captain Jonathan Brook.