Akron Mayor Don Plusquellic called the hacking of the city’s website by the Turkish Ajan “a terrorist attack” Monday night and threatened to cut off diplomatic relations with Turkey if the country fails to cooperate with the investigation into the incident.
Plusquellic said Deputy Mayor of Economic Development Bob Bowman attended a trade fair in Turkey about six weeks ago, and the mayor has gone to events there as well.
“They did this as an attack on the United States,” he said during Akron City Council’s meeting.
Turkish Ajan is part of what is called the Anonymous’ OpUSA Campaign, which specifically has been trying to hack into various U.S. government websites. The group succeeded with Akron and Mobile, Ala., sites Thursday afternoon, posting information — including, in Akron’s case, taxpayers’ Social Security numbers and account information — to another website, where it could be downloaded by anyone on the Internet.
Plusquellic said the city is coordinating with Mobile, and the FBI is assisting with the investigation. He said the city has spent $36 million on upgrades to its computer hardware and software since 1997.
“There’s nothing I know of personally or professionally that we could have done more than what we have done,” he said.
The website where information about Akron taxpayers was posted after the hacking was taken down Saturday, city officials said.
“We don’t know if it’s because the FBI intervened or because it was free to share for a day or two and then you have to be a paying customer,” said Rick Schmahl, Akron’s chief information officer. “It is offline now — gone. Nobody else can download.”
Deluge of calls
Akron has been deluged with phone calls while trying to determine how its website and internal server were hacked about 2 p.m. Thursday. The city has also been searching for ways to help the victims of the hacking, who include some city employees and their relatives.
The city filed a police report — listing itself as the victim — on the hacking and is hoping other individual victims can use the report to request free freezes from credit agencies or to provide documentation to banks. The police report is posted on Akron’s main Web page, www.ci.akron.oh.us/.
The report says Turkish Ajan compromised “approximately 35,000 tax files of individual’s names, social security numbers and addresses.”
“Our hope was that people will be able to use this general report to get a free credit freeze and have a document to send to credit card companies,” Schmahl said. “There’s no way we can do 35,000 police reports.”
Akron is attempting to notify everyone whose information was compromised, first by doing reverse 911 calls and emails, now by sending letters to every person, regardless of whether they already were contacted by phone or email. The city also will have law directors posted at six community centers today and Wednesday to answer questions and provide information.
The city originally said the affected taxpayers are individuals who electronically filed city of Akron income tax returns in 2013.
Several people who filed in other years or who didn’t file electronically, however, contacted the Beacon Journal to say their information also was compromised. Plusquellic told council Monday it is more than 30,000 people who were affected and goes “beyond those who filed electronically.”
Schmahl said the city notified people who might have had their phone numbers included in the hacked information, though other identifying information, like Social Security numbers, wasn’t included.
“It didn’t cost extra to send out more [notifications] through phone and email,” he said. “I would much rather have somebody notified that they need a credit freeze than to not tell somebody and have them be the first one who had identity fraud against them. Let’s err on the side of safety.”
Schmahl said none of the possible victims has reported fraud or credit problems.
He said the parts of the city’s website that were hacked remain down.
“We didn’t want to take any chances, so the same thing can’t happen over again,” he said.
Web master returning
Jim Jones, the city’s web master, will return to work today after being on vacation for over a week. Schmahl said he and Jones will be talking about what needs to be done to prevent future hacking and whether the city has the expertise in-house or needs to hire outside help to improve its defenses.
The FBI is examining the city’s firewall logs to make sure “what we know they got is all they got. We want to make sure nothing else is out there,” Schmahl said.
Calls to Akron’s 311 information line have been so heavy at times that people haven’t been able to get through. The city has brought in extra staff and offered extended hours over the weekend to handle the deluge of calls. This step might be taken this weekend, if necessary, said Stephanie York, the city’s spokeswoman, who also has been fielding calls and emails because her contact information is written on city news releases.
Cabinet members affected
Plusquellic’s daughter, council members Bob Hoch and Marilyn Keith, and Deputy Mayor Rick Merolla and his wife are among the people whose information was accessed.
“It’s not just the constituents,” York said. “It’s staff. It’s Cabinet members. We’re all affected by this.”
City officials still don’t know if the group that hacked the site did so to get personal information for ill purposes or simply to embarrass the government. To be safe, they suggest that anyone whose information was compromised freeze their credit and/or monitor their accounts.
Patricia Taylor said during council’s public comment period that she doesn’t think residents should have to pay the $15 to freeze their credit — $5 to each of the three credit-reporting agencies.
“It may not have been the city’s fault, but I don’t think we as taxpayers should have to pay,” she said.