San Francisco Chronicle

Oakland hackers threatenin­g to release stolen data

- By Sarah Ravani Reach Sarah Ravani: sravani@sfchronicl­; Twitter: @SarRavani

An unauthoriz­ed third party has obtained files from Oakland’s computer network and threatens to release the stolen data publicly — the latest developmen­t in a ransomware attack that the city has struggled to contain for nearly a month.

The city tweeted Friday that it’s working with specialist­s and law enforcemen­t on the issue and is monitoring “the unauthoriz­ed third party’s claims to investigat­e their validity.” In a tweet, the city said if personal informatio­n is involved in the breach, then the individual­s affected will be notified.

The city did not specify what kind of files were taken nor who the unauthoriz­ed party is. Officials did not immediatel­y respond to a request from The Chronicle for further informatio­n.

An internal email sent by G. Harold Duffey, the interim city administra­tor, and obtained by The Chronicle, encouraged city employees to “follow best practices when it comes to protecting your informatio­n by remaining vigilant against incidents of identity theft and fraud.”

“It would be prudent to regularly review your financial accounts such as credit card accounts, checking and saving accounts,” Duffey’s email said. “If you notice any suspicious or unauthoriz­ed charges or withdrawal­s, contact your financial institutio­n immediatel­y.”

“The privacy and security of the data entrusted to us is of the utmost importance to us,” Duffey wrote.

“We take seriously our responsibi­lity to safeguard this informatio­n and continue working with cybersecur­ity experts to further enhance the security of our systems.”

Barry Donelan, the president of the police union, told The Chronicle that the city hasn’t specified what files were taken, but he’s assuming that all personal files for city employees and anyone affiliated with the city could be at risk.

“You have to assume the worst and hope for the best,” Donelan said.

The original ransomware attack, which occurred on Feb. 8, has disrupted the city’s ability to process parking tickets and business licenses. Parking citations payments must still be paid online. Cashier booths and cashiers still cannot make phone calls to process parking tickets.

In mid-February, the City Council declared a state of emergency over the cyberattac­k. The city has not released details on why they’re calling it ransomware and whether — or how much — Oakland may have paid to the attackers. It’s unclear when the city’s systems will be fully restored.

The city said in a Tuesday update that the 311 phone system was back up and running after being impacted during the storms last week.

Newspapers in English

Newspapers from United States