[BreachExchange] Tulsa warns of data breach after Conti ransomware leaks police citations

[Sophia Kingsbury]

https://www.bleepingcomputer.com/news/security/tulsa-warns-of-data-breach-after-conti-ransomware-leaks-police-citations/

The City of Tulsa, Oklahoma, is warning residents that their personal data
may have been exposed after a ransomware gang published police citations
online.

In early May, Tulsa suffered a ransomware attack that led to the City
shutting down its network to prevent the spread of the malware.

The attack disrupted Tulsa's online bill payment systems, utility billing,
and email, as well as the websites for the City of Tulsa, the Tulsa City
Council, Tulsa Police, and the Tulsa 311.

At the time of the attack, it was unknown what ransomware operation was
behind the attack on Tulsa.

However, yesterday the Conti Ransomware gang claimed responsibility and
published 18,938 of the City's files, mainly police citations and internal
Word docu

After the leak of data, the City of Tulsa issued a press release warning
that personally identifiable information was exposed in the leaked police
citations.

"Today, the City of Tulsa was made aware that the persons responsible for
the May 2021 City of Tulsa ransomware attack shared more than 18,000 City
files via the dark web mostly in the form of police citations and internal
department files," said the press release.

"Police citations contain some Personal Identifiable Information (PII) such
as name, date of birth, address and driver’s license number. Police
citations do not include social security numbers."

The City is asking "anyone who has filed a police report, received a police
citation, made a payment with the City, or interacted with the City in any
way where PII was shared" to be extra vigilant against threat actors
performing identity theft using the exposed information.

When ransomware gangs publish stolen data, other threat actors download it
and use the personal information to conduct their own phishing attacks,
scams, and other fraudulent activity.

Due to this, it is vital for those affected to monitor their credit reports
and credit card statements for fraud and be on the lookout for suspicious
emails or SMS texts claiming to be from the City.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210623/22129c30/attachment.html>