Last Updated on February 22, 2022, 7:27 AM | Published: February 21, 2022
OKLAHOMA CITY (Free Press) — The OKC Police Department contractor who handled certain parts of rape kit information over two years is blaming “third-party software” for a data breach revealed this weekend.
Rape kits are used to collect DNA evidence by law enforcement agencies for sexual assault investigations.
Saturday, those who had their DNA information stored by a contractor for OKCPD in connection to sexual assault investigations were informed by a U.S. Post Office letter from the department about the breach.
- Previous coverage: OKC Police rape kit info exposed in data breach of DNA contractor
DNA Solutions, Inc., was the contractor for handling certain types of data from rape kits collected by the Oklahoma City Police Department for two years. In a written response to our questions Monday, company spokespersons blamed the breach on third-party software for the breach.
“The investigation determined an unauthorized party accessed the network through an unknown vulnerability in a third-party software provider’s platform, and may have compromised certain personal and medical information,” the statement read. “The data did not include social security numbers, driver’s license information, or financial information.”
However, DNA Solutions has yet to clearly define what information was at least available for an attack to harvest from their systems.
We have not been able to confirm with the company or OKCPD which two years the company was under contract.
‘Y screening’
Monday, Master Sgt. Gary Knight with OKCPD told Free Press that DNA Solutions, Inc. had a contract to do “Y-screening” used to detect the Y chromosome of a male in evidence collected for sexual assault cases.
But, he said that’s all DNA Solutions did for OKCPD during the two years they were under contract. “We test our own DNA,” Knight said.
‘Everybody’
Knight told us that OKCPD sent letters out to a broad range of people last week. Some of those letters landed in mailboxes Saturday.
“We have sent out letters to everybody we thought could possibly have had anything to do with this just to err on the side of caution,” he said.
“Every one that we did a rape kit on — every single person [was sent a letter],” Knight continued. “So, we weren’t sending letters just to people we thought were affected. We sent a blanket number of letters to cover everybody that any rape kit was done on.”
Knight did not know what two years were covered or how many people they sent letters to in connection to this data breach.
“We just wanted to err on the side of caution and send one to anybody who could possibly have had their information there in that place [DNA Solutions],” concluded Knight.
Founder, publisher, and editor of Oklahoma City Free Press. Brett continues to contribute reports and photography to this site as he runs the business.
