The City of Tulsa and the University of Oklahoma both confirmed they are customers of SolarWinds, the company that was hit by a recent cyberattack. The U.S. suspects the attack was carried out by Russian hackers.
University of Tulsa Tandy Professor of Cyber Security Tyler Moore said this cyberattack is significant, but the average Oklahoman does not need to be worried about their personal information.
He said Fortune 500 companies and government agencies using SolarWinds are the ones who are concerned. SolarWinds was founded in Tulsa, then the company moved to Austin, Texas.
"There's a real potential of exposure of business secrets that we need to be worried about," Moore said.
The City of Tulsa said in a statement it does use SolarWinds products, adding, "While the version the City uses is not affected, we have shut down all SolarWinds products out of an abundance of caution. At this time, there is no evidence of a breach of the City's systems."
Meanwhile in Norman, the University of Oklahoma said it is actively investigating for any signs of compromise, saying in a statement, "OU-IT had patched its SolarWinds servers to a non-compromised version several weeks prior," to being notified of the breach.
Moore said IT departments at companies that use SolarWinds are scrambling to look for any evidence of a hack and said it is possible they may never know if information was stolen.
"If somebody comes in and steals your sensitive data, the data's still there. And so you have to look for other evidence that someone has been able to log in and take the information, which is really hard to do,” Moore said.
The BBC reports the biggest target so far is the U.S. government.
Moore described this as the biggest cyber breach since the EquiFax data breach in 2017 when nearly 150 million credit reports were stolen; and before that, the breach of the Office of Personnel Management back in 2015.
Moore suspects the fallout from this breach will be felt for most of 2021 and beyond.