Oklahoma

Data breaches occur when an unauthorized party accesses an individual's or group's sensitive or personal information. These parties gain access to the information through various methods, including hacking, social engineering or phishing, malware, denial of service attacks, and insider mistakes.

Typically, cybercriminals infiltrate and steal information for financial, ideological, or personal reasons. Oklahoma is affected as well, though the state ranks 29th in the nation in terms of the number of persons affected yearly. In 2023, the state lost $66,967,060 to data breaches. Most of the targeted attacks, as illustrated, were on healthcare facilities and local government institutions.

Identity Theft Statistics

  • Identity Theft Reports: 3,706 (state rank: 35th, by reports per 100K population)
  • Total Fraud & Other Reports: 18,738 (state rank: 47th, by reports per 100K population)
  • Total Fraud Losses: $10.3M
  • Median Fraud Losses: $268

Top Ten Report Categories

  • Imposter Scams: 22%
  • Identity Theft: 17%
  • Telephone and Mobile Services: 8%
  • Prizes, Sweepstakes and Lotteries: 7%
  • Debt Collection: 5%
  • Online Shopping and Negative Reviews: 5%
  • Banks and Lenders: 5%
  • Auto Related: 4%
  • Credit Bureaus, Information Furnishers and Report Users: 3%
  • Internet Services: 2%

Top Identity Theft Types

  • Credit Card Fraud: 27% (1,981 reports)
  • Other Identity Theft: 24% (1,750 reports)
  • Employment or Tax-Related Fraud: 14% (995 reports)
  • Bank Fraud: 12% (857 reports)
  • Loan or Lease Fraud: 12% (850 reports)
  • Phone or Utilities Fraud: 7% (526 reports)
  • Government Documents or Benefits Fraud: 4% (306 reports)

Oklahoma's Recent Biggest Data Breaches

November 2023

INTEGRIS Health Data Breach

Integris Healthcare, the largest nonprofit healthcare network in Oklahoma, suffered a data breach in November 2023. The organization immediately suspended activities and began an investigation to determine the source of the breach. It learned that some of its patients were also receiving communications from a group that claimed responsibility for the unauthorized access. The personal information involved varies by person, though the investigation showed it included names, birth dates, demographic data, contact details, and Social Security numbers. More than 2.3 million people were affected by the incident. Aside from the investigation, INTEGRIS also notified the affected people about the best way to protect their information. Several lawsuits have already been filed against the healthcare institution.

July 2022

Oklahoma Student Loan Authority Data Breach

In July 2022, Nelnet, which supplies the Oklahoma Student Loan Authority, found vulnerabilities through which student loan account registration data had become accessible to an unauthorized party. On discovering the problem, Nelnet informed the Student Loan Authority that its data security team had taken action to secure the system and block all suspicious activity. It also engaged external specialists to assess the extent of the leak. The assessment found that 2.5 million records were breached as a result of the event. Nelnet informed the federal Department of Education and offered the affected individuals credit monitoring as well as identity theft protection.

January 2022

Oklahoma Healthcare Authority Data Breach

In January 2022, the Oklahoma Healthcare Authority found that personal information within the Medicaid member portal had been accessible to a certain number of other Medicaid members. This was the case from February 2017 to January 2022. As soon as Gainwell, a medical benefits service used by the authority, determined the issue had occurred, it launched an investigation and took measures to restrict access to the information. From its assessment, Gainwell found that the problem lay in configuration. When a member moved from one Oklahoma SoonerCare Medicaid account to a different one, the individuals within the new account could have accessed data in the older account. The affected people were limited to this group of members. All potential access was also limited to the affected individual's household members.

August 2019

Oklahoma Law Enforcement Retirement System Data Breach

In August 2019, the Oklahoma Law Enforcement Retirement System discovered that one employee's details were compromised following a breach. In response, they initiated an investigation and hired an external party to confirm what had occurred. It was found that data from 3,796 people was accessed during the data breach. Information accessed may have included names, email addresses, home or work addresses, and telephone numbers. OLERS began to notify those affected and relayed information on the steps they could take to avoid further damage. That includes initiating a credit freeze or placing a fraud alert on their credit accounts.

June 2019

Oklahoma District Attorneys Council Data Breach

The Oklahoma District Attorneys Council was alerted that an individual's personally identifiable information was available over a legacy web interface. They immediately removed the content. An investigation began, and it found that information concerning 502 vendors was exposed. Once this was discovered, the council moved to stop the breach, contacted those affected, and issued guidance on the best way to protect their information: by placing a credit freeze or a fraud alert on their credit account. They also provided complimentary credit monitoring to all who were affected.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are now common, given our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes ongoing fraud becomes apparent only when you notice certain signs. These danger signs apply to both individuals and businesses.

Unfamiliar Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards or Loans in Your Name

A new line of credit or a loan taken out in your name is a warning sign that you are a victim of identity theft.

Surprise Credit Score Drops

Sudden credit score drops with no obvious cause are a sign of suspicious activity.

Unusual Activity on Your Social Security Account

The federal government also considers Social Security numbers personal identifiers, so check your Social Security statement regularly to ensure no one has access to benefits without consent.

Inability to Sign In to Accounts

If you are locked out of an account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all else fails.

Step-by-Step Process for Responding to a Data Breach

01. Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.

02. Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.

03. Contain the Breach

Isolate the affected system to prevent further damage.

04. Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.

05. Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.

06. Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is unique, and use two-factor verification as an additional layer of security.

07. Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.

08. Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.

09. Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.

10. Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

Under state law, entities are required to disclose any security breach of their systems to all residents whose information has been accessed. All businesses in Oklahoma are required to do this without unreasonable delay. Delays are permitted only when notification would interfere with a law enforcement investigation. Data breach notifications can be made by email, telephone, or written notice to those affected. The law also provides for substitute notice. This is the case if there are more than 100,000 people affected. Using substitute notice is also permissible if the notification costs are higher than $50,000. Alternative notification methods may also be permitted if the business does not have enough contact information for those affected by the breach. A substitute notice may be effected by conspicuous posting on the website, emails to those affected, and notifying all major statewide media.

The Oklahoma attorney general also has exclusive authority to bring action and recover damages for a violation of the statute. These will not exceed $150,000 for every breach of the security system. Though the law does not have specific mandates for what should be included in notices, the rule of thumb is that they include the following:

  1. Business names and contact data
  2. The types of personal information accessed
  3. Steps taken to mitigate the damage from the breach and to protect the current information from further breach
  4. Contact information of the other consumer reporting agencies
  5. Recommendations on actions to take on the affected person's side

Laws

  • Oklahoma Security Breach Notification Act defines personal information as an individual's first name or first initial and last name, in combination with a driver's license number, Social Security number, or financial account or credit card number. It also mandates that businesses disclose data breaches to those affected when they occur.
  • Oklahoma Legislature, SB 1337 concerns the Security Breach Notification Act. It modifies notice requirements for security system breaches and civil penalties for violations.

Resources