Conti Ransomware Gang Responsible For City of Tulsa Breach, Leaks Residents' Personal Data

Conti Ransomware Gang Responsible For City of Tulsa Breach, Leaks Residents’ Personal Data

The city of Tulsa has issued a warning about a ransomware gang that published police citations online containing personal data of city residents.

In early May, the City of Tulsa suffered a ransomware attack, which led to the shutdown of its IT network. The attack crippled the websites for the City of Tulsa, the Tulsa City Council, Tulsa Police, and the Tulsa 311 for the City of Tulsa, including its utility billing and email systems.

On April 27, 2018, Tulsa was hit by a ransomware attack. At the time, it was not known what threat actor was behind the attack.

But yesterday, the City’s files were published by the Conti Ransomware gang. They claimed responsibility for the incident and released almost 19,000 documents, mostly police citations and internal documents. Believed to be operated by Russian Wizard Spider gang, Conti recently was behind attacks on Irish schools and health institutions.

The City of Tulsa immediately warned residents that the personal information of individuals was exposed after the hackers leaked police citations. Over 18,000 city files, which were shared on the dark web:

“Today, the City of Tulsa was made aware the persons responsible for the May 2021 City of Tulsa ransomware attack shared more than 18,000 City files via the dark web mostly in the form of police citations and internal department files,” said the police’s press release.

Police citations usually contain names, addresses, and driver’s license numbers:

“Police citations contain some Personal Identifiable Information (PII) such as name, date of birth, address and driver’s license number. Police citations do not include social security numbers.”

The City of Tusla is asking “anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared” to be extra vigilant against identity theft. When criminals publish stolen data, other criminals can use it to carry out their own phishing attacks and fraudulent activities.

Due to the nature of the fraudulent activities, it is also vital that the victims monitor their credit reports and card statements for further protection.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.