The City of Tulsa utilities ransomware attack continues to create major problems for citizens, with over 18,000 Tulsa police reports recently released on the dark web. While the city was quick to assure residents that no social security numbers were released in the data breach, Tulsans are wary following the updated news.
While social security numbers may not be included in the attack, other personal details, such as names, birthdates, and addresses, were made public.
According to the City of Tulsa’s statement about the ransomware attack, “the city of Tulsa was made aware that the persons responsible for the May 2021 city of Tulsa ransomware attack shared more than 18,000 city files via the dark web mostly in the form of police citations and internal department files.” The statement did not go into specific detail about what types of police files were released, nor did the city spokesperson confirm if the victims of the privacy breach would be contacted.
Tulsa backtracks on previous statement
The City of Tulsa first made the public aware of the ransomware attack in early May, but initially stated that no personal information was compromised. Cyber investigators soon discovered that the Conti group was responsible for the attack, the 37th such attack on a municipality since 2021. The City of Tulsa has not paid the ransom.
The City of Tulsa is urging residents who have had contact with the police to take extra precautions. “No other files are known to have been shared as of today, but out of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the city, or interacted with the city in any way where PII was shared, whether online, in-person or on paper, prior to May 2021, is being asked to take monitoring precautions,” according to a statement by the city.
Such precautions include getting an updated credit report, tracking finances through debit and credit cards, and changing passwords on all financial and personal accounts.