City of Tulsa Cyber Attack Was Penetration Test, Not Hack

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The City of Tulsa, Oklahoma last week began notifying residents that their personal data may have been accessed — but it now turns out that the attack was a penetration test by a company the city had hired.

“City officials didn’t realize that the apparent breach was caused by the security firm, Utah-based SecurityMetrics, until after 90,000 letters had been sent to people who had applied for city jobs or made crime reports online over the past decade, warning them that their personal identification information might have been accessed,” writes Tulsa World’s Brian Barber. “The mailing cost the city $20,000, officials said.”

“An additional $25,000 was spent on security consulting services to add protection measures to the website,” FOX23 News reports.

“The third-party consultant had been hired to perform an assessment of the city’s network for vulnerabilities,” write’s Dee Duren and Lacie Lowry. “The firm used an unfamiliar testing procedure that caused the City to believe its website had been compromised. ‘We had to treat this like a cyber-attack because every indication initially pointed to an attack,’ said City Manager Jim Twombly.”

“The chief information officer who failed to determine that the hack was actually part of a penetration test has been placed on administrative leave with pay,” writes Softpedia’s Eduard Kovacs. “In the meantime, his position will be filled by Tulsa Police Department Captain Jonathan Brook.”

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis