CIO on leave after security test mistaken for hack

Last week, the city government of Tulsa, Oklohoma, warned citizens that its website had been hacked.

It told them that it had detected an unauthorised attempt to access its web infrastructure, and warned them that their personal information may have been compromised.

"The City of Tulsa immediately took a variety of measures to protect individuals potentially impacted through a thorough review of the available logs," it said in a letter to people who had applied for a job through the website.

The cityoftulsa.org website was offline for many days, and the city government launched a criminal investigation into the attack.

Yesterday, however, it emerged that the supposed ‘hack’ was in fact a security test conducted by a third party that had been hired by the city’s Internet department.

According to local news website news9.com, the third party security firm used an "untested testing procedure" that the city mistook for an attack.

Tulsa’s CIO Tom Golliver has been placed on paid administrative leave following the incident.

news9.com reports that the warning letter, sent to around 90,000 residents, cost the city $20,000.

"We had to treat this like a cyber-attack because every indication initially pointed to an attack," said city manager Jim Twombly. "We tried to react quickly, but I think we could have handled it better."

"The good news is that we can now confirm that no personal information was accessed by an unauthorised source," said Tulsa Mayor Dewey Bartlett.

This article is tagged with: