

City of Tampa among 18,000 targets of SolarWinds hack; exposing government data, personal info

Breach went undetected for months
Posted at 6:00 AM, Apr 12, 2021

TAMPA, Fla. — The SolarWinds hack is being called the country’s biggest cyber-intrusion to date.

You might not have heard about it, but the ABC Action News I-Team has learned Tampa residents’ information may have been compromised.

In mid-December, most pandemic-weary Americans were thinking about holiday preparations, the vaccine roll-out and the most contentious presidential election in recent memory.

That’s why many of us missed the news that hackers secretly penetrated some of our nation’s most critical computer networks.

“You’re talking about some key government agencies, all the way to the Pentagon,” cybersecurity expert Scott Schober said.

Schober says the well-known Target credit card breach of 2013, in which millions of customers' private information was hacked and sold on the dark web, pales in comparison.

18,000 companies and government agencies affected

“Now we’re talking about 18,000 plus companies and government organizations that we know about. So if you had to multiply it as a factor, this is hundreds of times potentially more devastating than a focused Target breach, where credit cards were specifically targeted,” Schober said.

The list of SolarWinds customers includes 425 of the U.S. Fortune 500 companies, the 10 largest telecommunications companies, all five branches of the military, the office of the U.S. President and hundreds of universities.

SolarWinds software is used to configure and manage computer networks.

Last March, hackers used a software update to breach SolarWinds customers’ firewalls, using malware to create back doors into the networks.

Experts believe teams of thousands of hackers then accessed information inside those networks, going undetected for nine months.

“It is personal information. It is possibly credit card information, it could be Social Security numbers, places of residence, log-in credentials,” Schober said.

The City of Tampa was one of two cities listed on SolarWinds’ customer page before the web page was removed after the breach was discovered.

This is a list of SolarWinds customers before the company took it down from its website after the hack was detected. It says SolarWinds provided software to 425 Fortune 500 companies, the Office of the U.S. President and all branches of the military.

Cybercriminals may have accessed Tampa customer records, city’s infrastructure

Schober says cybercriminals could have had access to employees' and residents' personal information.

He says that hackers may have had the capabilities to use the city’s network to access critical infrastructure, like traffic signals, surveillance cameras, emergency services or water treatment facilities.

Earlier this year, the City of Oldsmar’s water supply was threatened when a hacker logged onto a computer network and manipulated chemical levels before an employee discovered and stopped the cyberattack.

The I-Team requested emails with the term “SolarWinds” from the city through an open records request, but we didn’t receive any records indicating SolarWinds contacted the city about the breach.

When asked about what steps have been taken by the city, a spokesperson responded in an emailed statement, “It’s our policy not to comment on matters involving security planning and/or response efforts.”

SolarWinds posted a security update on its website shortly after the breach was discovered.

“How did we miss this and what are we still missing?”

The breach has caught the attention of the federal government, including the U.S. State Department.

“We are looking very urgently as well at SolarWinds and its various implications,” U.S. Secretary of State Antony Blinken said at a press conference.

The FBI, the CIA and other security agencies said in a joint statement the attack was “likely Russian in origin.”

The U.S. Senate Select Committee on Intelligence held a hearing about the SolarWinds breach in February.

“The attacker knows everything they did and right now the attacker is the only one that knows everything they did,” Microsoft President Brad Smith testified.

“The bottom-line question is how did we miss this? And what are we still missing? And what do we need to do to make sure something like this, using these sorts of tools, never happens again?” U.S. Senator Marco Rubio, who is Vice Chairman of the committee, said at the hearing.

“Nobody knows how far-reaching it still could be, which raises all the red flags for everybody,” Schober said. “They actually will cover their tracks. There’s no breadcrumb trail, there’s no fingerprint to easily identify who’s behind it.”

A SolarWinds spokesperson says the company has taken steps to assist its customers, emailing us the following statement:

"As we've investigated this highly complex unprecedented attack, we have consistently worked collaboratively and transparently with all of our customers to help them navigate this challenge with the help and support of the entire SolarWinds team."

Cybersecurity experts say you should take action now to protect your personal information, including keeping a close eye on your accounts and changing your passwords frequently.

If you have a story you think the I-Team should investigate, email us at