The City of Tulsa announced that no personal information was compromised in a recent website "hack." In fact, what they thought was a security breach was actually a test by a third-party firm hired by the City's Internet technology department.
The incident cost the City about $20,000 for a mass mailing that warned about 90,000 customers their personal information might have been accessed in what turned out to be a false alarm.
Chief Information Officer Tom Golliver has been placed on administrative leave with pay, the city announced Monday evening in a second release.
"The circumstances surrounding this action are related to a personnel issue, and no further comment will be available," Mayor Dewey Bartlett said in the second release.
The City put a positive spin on the false alarm security breach in the first news release, stating that the IT department had been able to strengthen its security following the false alarm.
The third-party consultant had been hired to perform an assessment of the city's network for vulnerabilities. The firm used an unfamiliar testing procedure that caused the City to believe its website had been compromised.
"We had to treat this like a cyber-attack because every indication initially pointed to an attack," said City Manager Jim Twombly.
"From their end, it was a routine scan. On our end, it wasn't routine," Twombly said. "We tried to react quickly, but I think we could have handled it better."
"The good news is that we can now confirm that no personal information was accessed by an unauthorized source," said Tulsa Mayor Dewey Bartlett.
The city says someone tries to hack Tulsa's website a thousand times a day and the system is strong, but improvements can be made.
"I think we need to look at incident management for IT security just like we look at incident management and command with natural disasters, ice storms, blizzards, that sort of thing," Twombly said.
Tulsa Police Department Captain Jonathan Brooks has been named the interim director of the Information Technology Department.