Mountain Park, Oklahoma, said a cybersecurity breach affected its Town Hall network after unauthorized access to municipal systems was identified May 11.
The town initially took all Town Hall systems offline as a precaution, but later determined that only its administrative system had been accessed, Town Clerk Shawn Norman said in an email to DysruptionHub. Norman said the system does not contain personal or identifiable information about residents.
Mountain Park sits in Kiowa County in southwestern Oklahoma, near the Wichita Mountains and about 40 miles northwest of Lawton. The town had an estimated 265 residents in 2024, according to Census Reporter, and census estimates show household and per capita incomes below both county and statewide levels.
The town said it requested help from the Oklahoma State Bureau of Investigation on May 11 after identifying unauthorized access to municipal systems, according to a June 2 release posted June 3. State investigators are examining the incident under the Oklahoma Computer Crimes Act, the town said.
Mountain Park initially said it had notified residents whose information may have been affected by the breach. Norman later said no resident information was affected because the Public Works Authority system was not breached.
The town’s administrative email was the only public-facing service disrupted, Norman said. No emergency services or utility operations were interrupted, and the town’s computer network is operating at near-regular status while it works with service providers and IT professionals to fully resolve the issue, he said.
“The security of our community’s information is of the utmost importance,” town officials said in the June 2 release. “We are committed to full cooperation with OSBI and will continue working closely with investigators to identify whoever is responsible for this criminal activity.”
Norman said the town received no ransom demands and found no ransomware on its systems. He said the town could not comment on whether data was copied or removed, or whether any third party may have been involved, because the OSBI investigation remains active.
The bureau is the only outside agency assisting Mountain Park with the investigation, Norman said.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The town has completed an internal restructure of internet services at Town Hall, updated employee security credentials and is working with an IT specialist on additional protections, Norman said.
Mountain Park’s breach adds to a series of recent cyber incidents affecting small local governments. Alexandria, Tennessee, shut down town computers after fraudulent Amazon orders tied to an account breach; Palouse, Washington, restored its city website from a hosting provider backup after a cyberattack; and Colebrook, New Hampshire, said a hacked town email prompted the state to cut some system connections, disrupting clerk, dispatch, motor vehicle and records-related access.
Mountain Park said it will provide another public update after OSBI concludes its investigation. The town’s network is operating at near-regular status, but the investigation has not resolved who was responsible, how the administrative system was accessed or whether any town data was copied or removed.
