Red faces
BY World's Editorials Writers
Wednesday, October 03, 2012
10/03/12 at 2:52 AM
Imagine their embarrassment.
Information technology officials last month thought the city's website had been hacked. They alerted the proper authorities, launched an investigation into the perceived security breach and - at a cost of $20,000 - sent letters to 90,000 people who had applied for a city job or reported a crime online over the past 10 years, warning them to be on the lookout for identity theft.
Then it turned out that the website hadn't been hacked after all. Seems a third-party security firm hired to conduct periodic, unannounced tests of Tulsa's networks for vulnerabilities had used an "unfamiliar testing procedure" that city IT folks misinterpreted as an unknown security breach.
In addition to knocking out the city's website for more than two weeks and triggering a costly notification effort - not to mention causing a bunch of red faces around City Hall - the snafu raises at least three questions:
How in the world did this happen? How did it go on so long without someone thinking to check with the security contractor, or vise versa? How can we be sure it won't happen again?
The city's $138,405-a-year IT director has been suspended and an interim director has been brought in from the police department, which has had its own problems trying to install a workable onboard computer system in its squad cars. The city presumably will have to spend another $20,000 notifying the 90,000 website users who were needlessly alarmed earlier that, oh, by the way, everything is OK after all.
Meanwhile, understandably skeptical Tulsa citizens await answers.
