Tulsa police say 18,000 files are leaked after Conti ransomware hack

Citations and internal police department files from the city of Tulsa, Oklahoma are circulating on cybercriminal marketplaces after a ransomware incident in which hackers stole some 18,000 files, city officials say.

A notice posted on a municipal website on June 22 warns that residents’ data including names, birth dates and driver’s license numbers is accessible to scammers following a hack carried out by the Conti ransomware gang. The digital extortionists breached the Tulsa police department in May, leaking stolen data about 22 officers and promising to publish more if the city refused to pay a ransom.

“[O]ut of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where [personally identifiable information] was shared, whether online, in-person or on paper, prior to May 2021, is being asked to take monitoring precautions,” the city said in a statement this week.

Tulsa shut down a range of city websites and services as part of the effort to remediate the breach.

The theft from the Tulsa police department roughly coincided with unrelated breaches at Washington D.C.’s Metropolitan Police Department, as well as smaller departments in Florida, Maine and Arizona.

In this case, the main suspect is a prolific group known as Conti. The same criminal organization, thought to be based in Russia, is known for a recent attack against Ireland’s national health service.

An FBI alert published in May also warned that the Conti group carried out 16 attacks aimed at disrupting health care and first responder networks in the U.S. The bureau added that investigators tied Conti-affiliated hackers to 290 hacks against American organizations, and an additional 110 hacks worldwide.