Oakland confirms some private data leaked in ransomware attack

OAKLAND, Calif. (KRON) — An unspecified amount of data stolen from the City of Oakland in a recent ransomware attack has been leaked online, according to a statement from city officials.

On Friday, the City of Oakland confirmed that a third party was able to acquire some of the data from the attack, and they planned to release the information publicly. By Saturday afternoon, ransomware group PLAY had claimed responsibility for the attack and released the data.

The city shared a statement with KRON4 about the status of the investigation into the attack:

“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and released some of this information. We are working with third-party specialists and law enforcement on this issue, and are reviewing the involved files to determine their contents. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.

Protecting the confidentially of the information we hold is a responsibility we take seriously. We will continue to work diligently to investigate and address this incident while working with our expert teams to enhance our security even more moving forward.”

KRON On is streaming now

The City of Oakland initially informed residents of the ransomware attack on Feb. 10, nine days after the attack began. Several non-emergency systems were impacted afterwards including city phone systems, wireless internet at libraries, and the parking citation center. Most of these systems were back up by Feb. 28.

Cybersecurity analyst and security researcher Dominic Alvieri tells KRON4 he saw the post from PLAY threat group. He says employee IDs, passports and other documents were shared in the leak.