You are here

Cybersecurity Breaches

As required by 62 O.S. 34.11.10, the Oklahoma State Government Security Breach Transparency Initiative, the Oklahoma Chief Information Officer shall develop and maintain an online web presence for the public to access information on certain security breaches.

Incident

On 16 August 2019 an Oklahoma Law Enforcement Retirement System ( “OLERS” ) employee’s credentials were compromised. Due to the access of this individual, after addressing the initial incident, OLERS launched an investigation and hired third-party investigators to confirm what information, if any, may have been accessed. The investigation revealed the information of as many as 3,796 individuals were potentially accessed. Notice was provided to impacted individuals. OLERS provided affected individuals with information regarding steps they can take to protect their information, including placing a credit freeze or fraud alert on their credit file, and complimentary credit monitoring services. OLERS also reported this incident to the FBI and has cooperated with its investigation.

Agency Incident Date Type of Data Number of Records More Information

Oklahoma Law Enforcement Retirement System

August, 2019

Personally Identifiable Information (PII)

3,796

Persons who think their information may have been compromised due to this breach should contact 1-405-522-4932 from 9:00 a.m. – 5:00 p.m. CDT.

Incident

The Oklahoma Department of Human Services (OKDHS) received an email from a citizen on April 23, 2020 reporting that some of her personal information was visible to another citizen who was applying for benefits.  On April 24, 2020, it was determined that this involved the okbenefits.org website, and an investigation began that same date with OKDHS, Office of Management and Enterprise Services (OMES) and the vendor Accenture to determine the cause of the incident.  The investigation took 8 days.  It was determined that a function which allowed an applicant to begin an application and finish it later was involved.  The appropriate tables were queried to identify any other records similar to the reported incident, and the results were reviewed to ensure that no other mismatched records existed.  Steps were taken to remove any existing application records of the type involved in this incident and to prevent future occurrences.  The investigation revealed that the personal information of 3 individuals was affected.  OKDHS is in the process of providing notice to impacted individuals with information regarding steps they can take to protect their information.

Agency Incident Date Type of Data Number of Records More Information

Oklahoma Department of Human Services

April, 2020

Personally Identifiable Information (PII)

3

Persons who think their information may have been compromised by this breach should contact the department at 1-877-751-2972 or by email to [email protected].

Incident

The Oklahoma Employment Security Commission (OESC) was notified at 10:32 p.m. on May 16, 2020 that the personally identifiable information (PII) of an individual was displayed as part of an error screen on OESC’s website. OESC IT Staff reviewed the website, but did not identify any problems. Out of an abundance of caution, staff took down the web page at approximately 10:50 p.m. on May 16, 2020. Staff changed the error message to prohibit recurrence of displaying PII, and brought the website back up at approximately 1:30 a.m. on May 17, 2020. OESC directly contacted the affected individual by mail to notify of the breach. 

Agency Incident Date Type of Data Number of Records More Information

Oklahoma Employment Security Commission

May, 2020

Personally Identifiable Information (PII)

1

Please direct any questions, comments or concerns you may have to [email protected]

Incident

The Oklahoma District Attorneys Council was notified of an individual’s personally identifiable information (PII) being available via a legacy web interface. The Council immediately removed the content. Upon investigation, it was determined personal information related to 502 vendors was also exposed. Once identified, the Council directly contacted the affected individuals, provided guidance to help protect their information (e.g., placing a credit freeze or fraud alert on their credit file), and offered complimentary credit monitoring services.

Agency Incident Date Type of Data Number of Records More Information

Oklahoma District Attorneys Council

June, 2019

Personally Identifiable Information (PII)

502

  • Persons who think their information may have been compromised due to this breach should contact 1-855-958-0545 from 9:00 a.m. – 9:00 p.m. EDT.

Incident

The Oklahoma Department of Securities received notice of a vulnerability in a firewall that made a department server used as a storage device accessible. The department took immediate steps to close the vulnerability, and took the device offline. The department launched an investigation into this incident and hired third-party investigators to confirm what information, if any, may have been accessible. The department reported this incident to the FBI and has cooperated with its investigation. The investigation revealed that the information of as many as 305,746 individuals were affected. The department provided notice to impacted individuals whose personal information potentially was compromised. The department provided affected individuals with information regarding steps they can take to protect their information, including placing a credit freeze or fraud alert on their credit file, and complimentary credit monitoring services.

The department's computers comprise a standalone system and are not linked to any other State of Oklahoma systems. To date, the department has no evidence of actual fraudulent misuse of the information.

Agency Incident Date Type of Data Number of Records More Information

Department of Securities

December, 2018

Personal information, including names, dates of birth, Social Security numbers, and financial account numbers

305,746 individuals (local, national and international)

Persons who think their information may have been compromised due to this breach should contact the department at 405-280-7700 from 8 a.m. to 5 p.m. CDT Monday through Friday.

Incident

A third-party vendor database used by 10 states, including Oklahoma, was breached. American Job Link Alliance (AJLA) develops, operates and manages the compromised database and website application. The Oklahoma Employment Security Commission (OESC) and the Office of Workforce Development both use the website application. The JobLink system is a standalone system and is not linked to any other State of Oklahoma systems. AJLA’s investigation determined 430,679 users in Oklahoma were affected. AJLA will notify all users whose account information was compromised and set up a call center to field questions. The system has been fixed and secured by AJLA, and the scope of the breach was evaluated by a third-party vendor, RSA, which performed forensic analysis, and is working with the FBI.

Agency Incident Date Type of Data Number of Records More Information

Oklahoma Employment Security Commission

Office of Workforce Development

March, 2017

User account information, including names, dates of birth and Social Security numbers

430,679 users

Users who think their information may have been compromised due to this breach should contact AJLA at [email protected] or toll free at 1-844-469-3939 from 8 a.m.- 8 p.m. CDT Monday through Friday.