Someone hacked into computers at three Oklahoma law enforcement agencies and may have stolen private information meant only for police use, the state Department of Public Safety announced Friday. Details of the extent of the security compromise remained sketchy Friday, but officials said only the Elk City and Eufaula police departments and the Kiowa County Sheriff Department were affected. The Department of Public Safety is urging anyone who has had contact with those agencies to check for any suspicious charges on credit cards or to obtain a credit report as soon as possible. Even people pulled over for a traffic stop but not given a ticket could be at risk. "Because this is an ongoing investigation, we are not able to release a lot of information,” said Capt. Chris West, spokesman for the Oklahoma Highway Patrol. West said he could not elaborate on how long security had been compromised at those locations or how many people may be affected by the security breach. "We believe it is a small number of individuals,” West said. "Those individuals will be contacted by the involved law enforcement agency.”Comments
What was affectedThe breach involved information used by the Oklahoma Law Enforcement Telecommunications System, a statewide computer network used by dispatchers to obtain instant access to all types of local, state and federal law enforcement databases. Police dispatchers typically use the system to verify the status of driver licenses, vehicle registration and to check for outstanding warrants and criminal history. Gene Thaxton, telecommunications director for the Department of Public Safety, said central files for the system are stored at his agency and were not affected by the breach. The system is accessible at roughly 380 terminals statewide at law enforcement agencies. Any information accessed by dispatchers that was displayed on their computer screen may have been sent to a third party by a computer virus found on the three affected computers. Both driver license numbers and Social Security numbers are listed in the database along with names and addresses, Thaxton said.
How it happenedThe security breach was the first discovered in the computer network, which has been in use since 1986. West said computers law enforcement agencies use for the Oklahoma Law Enforcement Telecommunications System often serve a variety of other functions, including unrestricted Internet access. Employees at the three agencies apparently accessed "inappropriate or undesirable Web sites,” where viruses were unknowingly downloaded onto the computers, West said. West said he could not elaborate on the type of sites in question, but Internet access at all 380 terminals has since been limited to a list of 15 approved sites related to law enforcement. Thaxton said the problem was discovered during a routine inspection of the system, which found private information was being sent to a third party outside law enforcement from those three computers. West said hard drives were removed from the infected computers and have been sent to the FBI for forensic analysis.
A surprise for policeEufaula Police Chief Don Murray said he first learned about the problem about 11 a.m. Friday. Murray said the state provided the computer his dispatchers use to access the telecommunications system and he didn't know it was capable of doing anything else. "I would have thought that was all they were restricted to do to begin with,” Murray said. Murray said he was surprised to learn that improper use of the computer may have led to the security breach and that he will take disciplinary action against anyone involved if the FBI can prove guilt. Murray said he is urging anyone who has had contact with his officers within the past year to watch out for identity theft, but that state officials didn't provide him a specific time frame of the breach. Elk City police officials were not available for comment, and Kiowa County officials didn't return a call seeking comment.