Officials have recently revealed that threat actors gained access to the Social Security numbers of over two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months.

Back in May, Conti Ransomware operators have deployed an attack on the city of Tulsa’s network, leading to the city being forced to shut down all of its systems and disrupt all online services.

Conti is believed to be run by a Russia-based cybercrime group known as Wizard Spider, with the group using phishing attacks in order to install the TrickBot and BazarLoader trojans in order to obtain remote access to the infected machines.

The shutdown of Tulsa’s City systems, unfortunately, prevented the residents from accessing the online bill payment systems, utility billing, and other services through email, whilst the websites of the City of Tulsa, Tulsa City Council, Tulsa Police, and Tulsa 311 were down for maintenance.

At the time of the attack, it was unknown what ransomware group was behind the incident, but the Conti Ransomware gang took responsibility and published 18,938 of the City’s files, mainly police citations and internal Word documents.

On June 22, 2021, the City of Tulsa was made aware the persons responsible for the May 2021 City of Tulsa ransomware attack shared more than 18,000 City files via the dark web mostly in the form of police reports and internal department files. These files contain some Personal Identifiable Information (PII) such as name, date of birth, address and driver’s license numbers.


According to the city’s chief information officer, Michael Dellinger, the hackers also exfiltrated Social Security numbers for 27 people in the cyberattack.

Further investigation on the Tulsa ransomware attack revealed that the Social Security numbers that were hacked had been included in online police reports submitted between January 1, 2015, and May 6, 2021 — when the attack was exposed.

The city is trying to reach the 27 people whose Social Security numbers were hacked, he said. Any resident who filed a police report online can go to http://www.cityoftulsa.org/cyber to find out if their information was released on the dark web.

The City’s Incident Response Team and federal authorities are continuing to investigate the data breach and monitor any information being shared.

Following the cyber attack in May, the City’s main priority has been to restore critical resources and mission-essential functions, which include public-facing systems and internal communications and network access functions. Business recovery teams had categorized and prioritized system restoration efforts and have continued their work to restore and validate business systems within the City.


Conti Ransomware Leaks Police Citations and Forces the City of Tulsa to Issue a Data Breach Warning

Conti Ransomware Releases Decryptor for Ireland’s Health Service, Still Threatens to Sell Data

Tulsa’s Online Services Suffered a Disruption

Leave a Reply

Your email address will not be published. Required fields are marked *