|Updated: 10/02/2012 6:33 pm
||Published: 10/02/2012 5:57 pm
Three weeks after the City of Tulsa's IT department thought the city's Web site had been hacked, the city has spent roughly $45,000 to fix the problem that didn't exist, and tens of thousands of Tulsans have dealt with the fear and inconvenience of thinking their personal information was stolen.
As it turns out, the site was not hacked and nobody's information was stolen.
But the city spent close to $20,000 mailing out 90,000 letters alerting people their information might have been stolen.
It also spent another $25,000 hiring an outside consulting firm to help fix the problem and get the site back up and operating.
But the alleged "hacker" was actually a consulting firm the city hired a year and a half ago to periodically scan the city's Web site looking for holes that hackers could find. In this case, the company found the hole.
Amy Murtola was one of the 90,000 who received a letter from the city.
"I had applied for a job with the City of Tulsa months ago, and my first thought was identity theft," Murtola said.
She couldn't believe this all happened because a company did what the city hired it to do.
But City of Tulsa City Manager Jim Twombly said it was a bit more complicated.
"We did check IP address," Twombly said. "And the IP address check that we ran led us in a direction that looked like it was a spammer."
So the city never checked with the company itself, Security Metrics, to see if it was responsible.
"If there were more communication between the city and the company that they had used in the first place it would have saved a little money," Lauren Wyzard, who also received a letter from the city, said.
The confusion also led to more expenses, including the $25,000 to hire the second company, True Digital Security, to help solve the problem.
But Twombly said the city likely would have spent that money this year anyway. After all, the city's IT department is constantly repelling attacks for would-be hackers everyday.
"It might have been spent on more IT security," TWombly said.
"May very well have been something we should have spent earlier to help us with security issues."
And Twombly said Tulsa taxpayers will be getting their money's worth.
"They are also going to help us with security in the long term," he said.
"Making recommendations about architecture, code, servers, updates, those sorts of things."
It's a little bit of relief for Murtola after an inconvenient ordeal.
"I'm upset, but I'm also happy to see that it was a way to open their eyes to any holes that might be in the system and them take the steps to get it taken care of."
The city's IT manager is on paid administrative leave for the time being, but the city won't say what role he played in the ordeal.
The City of Tulsa is also looking to hire another outside consulting firm to help restructure the IT department to make sure it runs more efficiently and that this kind of thing doesn't happen again.