In a news release issued Monday, the city of Tulsa says it has confirmed that personal information was not accessed by an unauthorized user while the city's website was offline for two weeks.
"Based on the best information we had available at the time, and in order to comply with state notification laws and perform due diligence, the city notified individuals whose information was potentially accessed, as a precaution," said the news release.
“We are dedicated to the security and protection of our employees and citizens first. We had to treat this like a cyber-attack because every indication initially pointed to an attack,” said City Manager Jim Twombly.
The city says a consultant was hired to perform an assessment, and it was discovered that a technical problem caused the shut-down, not a cyber attack. The city says it has taken additional steps to protect the system, servers and web users.
Mayor Dewey Bartlett said, “The good news is that we can now confirm that no personal information was accessed by an unauthorized source. In addition, we have used this opportunity to enhance our network security and strengthen processes that we would use to identify potential breaches.”
As a result of the incident, the City mailed approximately 90,000 letters at a cost of about $20,000. “We did spend about $20,000 on a mass mailing in order to notify those who were potentially impacted. Again, our first priority, based on the information we had, was to notify and help protect those individuals,” Twombly said.
An additional $25,000 was spent on security consulting services to add protection measures to the website. The city confirms its IT director is on paid leave as the city continues to investigate the matter. City officials would not elaborate, but only said the IT director's leave was related to the website crash.