The Mercury News Weekend
Oakland ransomware crisis worsens as city confirms larger leak
Another large trove of sensitive data stolen from the city's internal network has been dumped onto the internet, potentially exposing even more confidential personal information of current and former city workers, as well as nonemployee residents.
City officials confirmed that the same “unauthorized third party” group of unethical hackers behind the February attack was responsible for the latest release.
Sources who viewed a link to download the data on the dark web — a layered version of the internet not searchable on the web accessed by most ordinary users — told this news organization that the cache amounted to around 600 gigabytes, or the equivalent of 360,000 webpages.
It is a far larger haul than the nearly 10 gigabytes that were dropped last month, immediately putting Oakland's workers and other residents on high alert for fraud and other breaches of their personal information.
The large data dump supports what experts had spent the past month suggesting: that the first round of data exposure was the group's way of extorting money from the city — which has not disclosed the hackers' demands — by signaling it meant business.
“We are working with third-party specialists and law enforcement to investigate, and we will continue conducting a thorough review of the involved files,” city spokesperson Jean Walsh said in an email.
The full extent of the data contained in the massive bundle of files is not yet clear. Walsh said the city has begun “notifying individuals whose information was involved in this incident, and will continue to do so in accordance with applicable law.”
The ransomware gang Play has claimed responsibility for the attack that has led to a flurry of connectivity issues in the city's phone and internet systems.
More damagingly, thousands of current and former city employees have had their medical information, home addresses and Social Security numbers exposed on the dark web, which anyone can access with the proper software.
The city acknowledged Tuesday that the hack also affected a “limited subset” of residents who aren't employees, such as those who filed a legal claim against the city or applied for certain federal programs through Oakland's public services.
The city has opened a call center — from 8 a.m. to 5 p.m. weekdays — that can be reached at 866-869-1861.
The aftermath of the attack has left numerous workers frustrated. This week, Oakland's police officers union made good on its earlier threat to file a legal claim against the city seeking damages.
“As a result of the city's conduct, the (union) members have suffered, and are at an increased risk of suffering, economic harm and identity theft,” states the union claim, noting how the city twice was warned of being vulnerable to a ransomware attack.
Barry Donelan, president of the Oakland Police Officers' Association, said in an interview last week that several union members already had seen their credit information breached by fraudsters.
“I've had an officer try to freeze his credit and someone got there ahead of him and put their name on his credit first,” Donelan said, adding that his worst fear is “a year, two years from now, a young person tries to buy a home and their credit is shot.”
The city, for its part, maintains that it has communicated with affected employees “every step of the way.” Mayor Sheng Thao hasn't responded to multiple requests for comment on the ongoing ransomware fiasco.
“We remain committed to protecting the data we maintain, and regret any inconvenience or concern this incident caused our community,” Walsh said in Tuesday's statement. “We will continue to provide pertinent updates and thank our community for their continued support.”