City Encourages People To Use Lookup Tool To See If Their Info Was Stolen In Ransomware Attack

Jul 13, 2021

Credit Matt Trotter / KWGS

The City of Tulsa has created a lookup tool for people to see if their information was posted online after a ransomware attack.

Most of the 18,000 files stolen in the April attack and put on the dark web last month were online police reports with information including anything from names and dates of birth to full addresses and driver license numbers. The tool is available at cityoftulsa.org/cyber, and Chief Information Officer Michael Dellinger said anyone who filed an online report between Jan. 1, 2015, and May 6, 2021, should use it.

"I do recommend that citizens search multiple ways — search name and date of birth, search name and ZIP code — because like I said, different reports may have only had just their name in it. Other reports might have had their full address in it," Dellinger said.

According to a city analysis, 27 Social Security numbers entered as text on police reports were compromised. The city will contact those individuals directly.

The ransomware attack affected about 40% of the city's servers, affecting systems from police body cameras to building permit applications. Dellinger said the city is on track for full recovery by mid-September.

Cybersecurity experts suspect the group Conti is behind the ransomware attack, and Dellinger said while the group responsible has been identified, the city will not provide any details about it, like its name or possible country.

"This is a criminal organization that is looking for free advertisement, and we do not want to feed into that nor do we want to perpetuate this kind of activity," Dellinger said.

Hackers used an email with an innocuous-looking Word document or PDF attachment to gain entry to the city’s systems. Dellinger said the city has added additional layers to its cybersecurity protocol.