San Francisco Chronicle
Oakland hackers threatening to release stolen data
An unauthorized third party has obtained files from Oakland’s computer network and threatens to release the stolen data publicly — the latest development in a ransomware attack that the city has struggled to contain for nearly a month.
The city tweeted Friday that it’s working with specialists and law enforcement on the issue and is monitoring “the unauthorized third party’s claims to investigate their validity.” In a tweet, the city said if personal information is involved in the breach, then the individuals affected will be notified.
The city did not specify what kind of files were taken nor who the unauthorized party is. Officials did not immediately respond to a request from The Chronicle for further information.
An internal email sent by G. Harold Duffey, the interim city administrator, and obtained by The Chronicle, encouraged city employees to “follow best practices when it comes to protecting your information by remaining vigilant against incidents of identity theft and fraud.”
“It would be prudent to regularly review your financial accounts such as credit card accounts, checking and saving accounts,” Duffey’s email said. “If you notice any suspicious or unauthorized charges or withdrawals, contact your financial institution immediately.”
“The privacy and security of the data entrusted to us is of the utmost importance to us,” Duffey wrote.
“We take seriously our responsibility to safeguard this information and continue working with cybersecurity experts to further enhance the security of our systems.”
Barry Donelan, the president of the police union, told The Chronicle that the city hasn’t specified what files were taken, but he’s assuming that all personal files for city employees and anyone affiliated with the city could be at risk.
“You have to assume the worst and hope for the best,” Donelan said.
The original ransomware attack, which occurred on Feb. 8, has disrupted the city’s ability to process parking tickets and business licenses. Parking citations payments must still be paid online. Cashier booths and cashiers still cannot make phone calls to process parking tickets.
In mid-February, the City Council declared a state of emergency over the cyberattack. The city has not released details on why they’re calling it ransomware and whether — or how much — Oakland may have paid to the attackers. It’s unclear when the city’s systems will be fully restored.
The city said in a Tuesday update that the 311 phone system was back up and running after being impacted during the storms last week.