Akron attorney and former councilman Warner Mendenhall, a frequent critic of city hall, last week emailed his 1,400 followers the Internet link to private taxpayer information that had been hacked from city computers.
That act has infuriated the administration.
“This scoundrel is so obsessed with trying to become mayor of Akron that he would risk hurting Akron’s citizens in his unending, devious, political pursuits,” Deputy Mayor Rick Merolla said in an email to a Beacon Journal reporter.
Shortly after the hacking was revealed publicly last week, Mendenhall emailed his followers saying state auditors warned years earlier that the city’s computers were vulnerable.
“Now thousands of Akron residents SSNs are on a website for world-wide download,” Mendenhall said in the email Friday. “Please notify your friends about this. Demand the Mayor and City Council provide identity protection services for Akron’s citizens whose social security numbers were released.”
He included the link to the hacked information. The records appear to include names of thousands of taxpayers, and in some cases their addresses, Social Security and bank account numbers.
Taking credit for the theft is Turkish Ajan, which is part of the Anonymous’ OpUSA Campaign targeting governments in the United States.
In an interview with a reporter, Mendenhall said he never opened the files, even to see if his own name was in it.
“I didn’t spend much time looking at the files,” he said in an interview Wednesday.
Nevertheless, he was confident he was providing a link to data the city said could be used for identity theft. He said he found the link by going through the website eSecurity Planet, which addresses Internet security issues.
“It was pretty clear, the security website had said that the data was right here at these links,” he said.
Mendenhall said he sent the links out so his followers could check whether they were in the files, but also included a warning about potential viruses and other hazards.
“I think the lesson is that we need to be careful and we need to be aware of what’s going on with our own credit cards and our Social Security numbers,” he said.
Asked if he increased the risk to private taxpayers by disseminating the link, he said, “I think that’s an interesting question, but it was already published in news organizations that already published the data.”
He was referring to the eSecurity Planet story on May 16.
The Internet page from which the records could be downloaded no longer works.
After talking to Mendenhall, a Beacon Journal reporter asked for an interview with Akron Mayor Don Plusquellic, but Merolla’s email said of Mendenhall, “We are not going to comment any further on someone who may have assisted the terrorists.”
Other news media including the Beacon Journal found the data on the Internet last week but declined to share the links with the public. The Beacon Journal said it made that decision to protect possible victims.
Meanwhile, the city continues to struggle with telling 35,000 people their names, Social Security numbers and possibly bank account numbers have been compromised.
The city has mailed 30,000 letters to affected individuals and continues to receive calls at its 311 service. Meetings also are being held at community centers.
Plusquellic has labeled the hacking a terrorist attack. Federal authorities are investigating.
Mendenhall thinks that is not enough.
“The city needs to get out in front of it and provide protection no matter what the cost,” he said.
He sent out another email late Wednesday saying, “1. The City should not have credit card and/or social security numbers available on a network connected to the web. 2. Social Security Numbers and Credit Card Information should be encrypted, so that, even if someone got the file, they could not read it due to the encryption. 3. The City computer system should be set to alert someone when the internet traffic is suspicious.”
City officials are working with credit bureaus to have the $5 fee for freezing credit either waived and/or reimbursed. According to state law, victims of identity theft can have their credit frozen for free.
Expert criticizes act
Eva Casey Velasquez, president and chief executive officer of the San Diego-based Identity Theft Resource Center, a nonprofit organization that helps ID theft victims, said Mendenhall’s act of sharing links to the data was not helpful.
“While we need watchdogs to ensure that our government is acting appropriate, to continue to disseminate the information and put out there in even more ways is not really in the best interest of those consumers who were already harmed,” she said.
Mendenhall said the public needs to remember that Social Security numbers used to be public record at the courthouse and other locations.
No one has indicated that they have been victimized by the hacking and Mendenhall said the issue might be overblown.
“I think the risk of a problem is less than we imagine,” he said, remembering that the state once released millions of voter records with Social Security records years ago.
He said the state was not sued over that, but he is not so sure about the city.
“One of the things I was asked is if there is a potential lawsuit against the city,” he said. “Well, I haven’t decided what the answer is.”
Betty Lin-Fisher contributed to this report. Dave Scott can be reached at 330-996-3577 or firstname.lastname@example.org. Follow Scott on Twitter at Davescottofakro.