Hackers Behind Oakland Ransomware Attack Dump Data On City Employees
The ransomware attack on the city of Oakland has gone from bad to worse: The hackers behind the assault also stole files from the city, and have begun leaking them online.
This past weekend, the Play ransomware gang began dumping the stolen files —which span over 10GB of data— over the group’s site on the Dark Web. Play says the file dump includes “private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information.”
The gang is also warning it has more stolen data to dump, likely in an attempt to pressure the city to pay up to prevent more confidential information from leaking. “For now partially published compressed 10gb. If there no reaction full dump will be uploaded,” the Play gang wrote in their posting.
The San Francisco Chronicle downloaded the data, and confirmed it contains the social security numbers, drivers’ license numbers, birth dates and home addresses of city employees —information that other cybercriminals could abuse to conduct identity theft schemes. In addition, the data dump contains records covering police misconduct allegations, scanned bank statements from the city’s accounts, and private information on the current and past city mayors. (Oakland employs about 5,000 people.)
The city of Oakland didn’t immediately respond to a request for comment. But on Friday, the city said it was “aware” the hackers planned on dumping data allegedly stolen during the attack.
“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law,” the city said in a statement posted over its website.
The ransomware attack initially caused an outage last month across the city’s IT systems, including online services. According to the city’s website, Oakland is still working to restore its remaining systems.
As for the Play ransomware gang, the group is relatively new, emerging on the…
