Cyber Incident Victim: City of Tulsa
Date: May 2018
Location: United States of America
Summary
The City of Tulsa experienced a cybersecurity breach where hackers compromised six cloud-based systems under municipal control. Officials confirmed the intrusion but stated no operational impacts occurred, promptly disabling the affected accounts. The mayor acknowledged prior similar incidents, emphasizing the city's response to mitigate risks without disrupting services.
Description
On or around May 4, 2018, the City of Tulsa confirmed unauthorized actors had breached multiple city-controlled accounts across several cloud-based systems. Officials identified six compromised cloud platforms but provided no specifics regarding the nature of these systems, the duration of unauthorized access, or the exact entry methods used by the attackers. Upon discovery, the city immediately disabled all affected systems to contain the intrusion. Mayor G.T. Bynum publicly acknowledged the incident, noting similar security events had occurred previously, though no details about prior incidents were disclosed. City representatives asserted the breach caused no operational disruptions to municipal services or internal systems, maintaining critical infrastructure remained unaffected. No evidence suggested ransomware deployment, data exfiltration, or manipulation of city data during the incident.

The city’s response focused on rapid containment through system deactivation but did not disclose whether forensic investigations occurred or if third-party cybersecurity firms were engaged. Officials offered no information about whether user credentials, software vulnerabilities, or misconfigurations enabled the breach, nor did they confirm if citizen data resided on the compromised cloud platforms. Public communications emphasized the lack of operational impact while omitting technical details about the attack’s scope beyond the six disabled systems. No ransomware demands, data leaks, or financial losses were reported in connection with the incident. The city’s declaration of normalcy contrasted with the decision to disable multiple operational systems, though officials maintained this action was purely precautionary.
