False alarm

A routine test of computer security in Tulsa, Okla., went very wrong, with city officials panicking after they thought their web servers had been hacked. Turns out the feared hacking was actually a test performed at the city’s own behest, according to radio station KRMG.

When Tulsa officials detected what they thought was a mass hacking incursion, they mailed out 90,000 notices to people alerting them that their personal information may have been leaked. Only then, however, did officials realize that the “hacker” was actually the city’s own security consulting firm.

City Manager Jim Twombly said officials acted in error. “In hindsight, should we have read things differently, should we have been more skeptical of our immediate fear and response? Hindsight is always 20/20 and perhaps we should have taken a slower approach,” he told the radio station.

Fallout from the incident is continuing. The city’s chief information officer was placed on paid administrative lead, though city officials won’t say why.

The phony hacking also had another ominous result. It revealed that one of the city’s most important websites, for the Tulsa Police Department, was “quite vulnerable,” according to Twombly.

“What we need to do is basically rebuild that from scratch,” he said, “and that’s what’s going to take a long time.” In the meantime, the police website remains down.