The city of Akron notified Friday some of the taxpayers whose personal information — possibly including Social Security numbers, credit card numbers and checking account numbers — was compromised in a cyber attack and posted on the Internet.
Only about half of the affected people have been notified because the city did not have email addresses for all of those affected, Akron’s Chief Information Officer Rick Schmahl said.
The city announced that it had made a one-time arrangement to make reverse 9-1-1 calls Friday night to affected people based on the contact information that existed in the files.
The calls will direct people to the city’s website — www.akronohio.gov — for more information.
The number of affected residents is not known, although it could be between 25,000 and 30,000, Schmahl said. A news release the city issued at noon Friday said it was believed 8,000 names with related information were compromised. A subsequent news release said the city had notified 5,369 individuals by email and planned to use the reverse 9-1-1 to contact 5,714. The city will notify those without email or phone numbers on file by letter.
Schmahl said there are several databases, many with duplications, and the city is trying to determine how many unique accounts have been affected. Some of the files also included spouses’ names and Social Security numbers.
What is known, Schmahl said, is that the affected taxpayers appear to be individuals who electronically filed city of Akron income tax returns in 2013.
Schmahl said it does not appear that individuals who used tax preparers were affected. If a tax preparer had a client e-file the taxes, that person could be on a compromised list, he said.
Around noon on Friday, the city issued a news release saying everyone on the lists had been notified by email and that people were given advice and resources. But later, Schmahl said not everyone who filed electronically was required to share an email address.
City officials said residents can call the 3-1-1 system to see if they are on the list. The 3-1-1 number is 330-375-2311 from a mobile phone.
3-1-1 hours extended
Today’s 3-1-1 hours of operation have been extended from 8 a.m. to 2 p.m. Individuals can also call the city’s income tax office at 330-375-2290 from noon to 4 p.m. Sunday.
One victim, who at first thought he was not among those whose information was compromised because the city initially said it had notified all victims by email, said he verified it by calling 3-1-1.
Deputy Mayor Rick Merolla and Schmahl said Akron officials had been meeting Friday with the FBI to determine their next steps after the city’s website and internal systems were hacked by a Turkish group Thursday.
The FBI has told city officials that it is unlikely that they will be successful in shutting down the website where the hacked information is being shared, said Schmahl.
According to the city news release, “If you are on the list of individuals whose information was released, the FBI recommends that at this point, you monitor all your financial accounts very carefully until we have more information.”
Turkish group suspected
When asked whether the city will offer help or credit monitoring services to the affected residents, Merolla said the city is evaluating that possibility. “However, we don’t believe we did anything wrong. This was an unprovoked terrorist attack by a rogue group in Turkey.”
A local security expert has said an organization called Turkish Ajan is part of what is called Anonymous’ OpUSA campaign, which has been specifically trying to hack into various U.S. government websites.
AkronNewsNow.com reported Thursday that a message from the group in Turkish and English decrying U.S. policy in the Middle East appeared on the city’s website.
The group has claimed credit for hacking other sites recently, including the Mobile, Ala., police department, the Taiwan MTV website and McDonald’s sites in Austria, Taiwan and Korea.
The Beacon Journal will not provide information where the hacked files may be found online in order to protect possible victims.
Hacked files posted
The hacked files were posted on a website and appear to include spreadsheets. One file has more than 31,000 entries with names, Social Security numbers and addresses. Another file has account numbers and Social Security numbers.
In total, it appears there are 47,452 entries in the various files. The vast majority of the entries appear to be individuals’ names and their personal information. One file appears to be tax preparation companies.
Some of the information is partial and some appears to have full names, addresses and Social Security numbers. Another file shows credit card numbers and possibly some checking account numbers. But that file does not have names on it, making it more difficult to identify potential victims, Schmahl said.
Schmahl said the hackers appeared to use automated codes to try to get information from the city’s website.
The hackers were trying to go to areas of the city’s website where people could input data, such as tax information or the police department’s anonymous tip line, to take data instead.
“They backdoored their way to get the data back out,” he said.
Group inputs data
And in the process, the hackers also left a lot of information on the city’s systems. For instance, the police’s anonymous tip page had 600 tips “within no time at all. It was trying to put anywhere you put data,” Schmahl said.
He said city officials disconnected links between forms and the back-end databases when they found out about the attack on Thursday. Several parts of the website will remain down while the city analyzes what is going on.
The city is working with the FBI to determine if “there were some new hacker commands that they ran against this or did we just have some code on our web pages that wasn’t written,” Schmahl said.
He said it does not appear that the hackers left any type of viruses on the systems to get more information later.
“Whatever they have, they have, but they shouldn’t be able to get any more,” he said.
Stan Smith, a retired Akron detective and adjunct professor at the University of Akron who teaches digital forensic courses that include cyber crimes, said he was not surprised about the incident.
“You may not prevent someone from hacking into your network. However, if you have a good defense of monitoring what comes in and what’s leaving, you can stand a better chance of identifying someone from the outside trying to penetrate your system,” Smith said.
Schmahl said it is not known what the hackers intend to do with the information that has been posted on the web.
“Did they do it to embarrass us or are they trying to profit from it? If they’re trying to profit, how can they sell it if they made it freely available?” said Schmahl.
Schmahl said there is a possibility others could take the information and use it maliciously.
The FBI has brought in a forensic expert to look at the city’s systems, Schmahl said.
In the city’s news release, Mayor Don Plusquellic said: “No matter how sound a network security is, rogue groups continually look for ways to attack networks. We are doing all we can to minimize the impact of this attack. I encourage all of our citizens to please be diligent in monitoring your accounts while we continue our investigation with the FBI.”