The Mercury News Weekend

Oakland ransomware crisis worsens as city confirms larger leak

- By Shomik Mukherjee smukherjee@bayareanew

Another large trove of sensitive data stolen from the city's internal network has been dumped onto the internet, potentially exposing even more confidential personal information of current and former city workers, as well as nonemployee residents.

City officials confirmed that the same “unauthorized third party” group of unethical hackers behind the February attack was responsible for the latest release.

Sources who viewed a link to download the data on the dark web — a layered version of the internet not searchable on the web accessed by most ordinary users — told this news organization that the cache amounted to around 600 gigabytes, or the equivalent of 360,000 webpages.

It is a far larger haul than the nearly 10 gigabytes that were dropped last month, immediately putting Oakland's workers and other residents on high alert for fraud and other breaches of their personal information.

The large data dump supports what experts had spent the past month suggesting: that the first round of data exposure was the group's way of extorting money from the city — which has not disclosed the hackers' demands — by signaling it meant business.

“We are working with third-party specialists and law enforcement to investigate, and we will continue conducting a thorough review of the involved files,” city spokesperson Jean Walsh said in an email.

The full extent of the data contained in the massive bundle of files is not yet clear. Walsh said the city has begun “notifying individuals whose information was involved in this incident, and will continue to do so in accordance with applicable law.”

The ransomware gang Play has claimed responsibility for the attack that has led to a flurry of connectivity issues in the city's phone and internet systems.

More damagingly, thousands of current and former city employees have had their medical information, home addresses and Social Security numbers exposed on the dark web, which anyone can access with the proper software.

The city acknowledged Tuesday that the hack also affected a “limited subset” of residents who aren't employees, such as those who filed a legal claim against the city or applied for certain federal programs through Oakland's public services.

The city has opened a call center — from 8 a.m. to 5 p.m. weekdays — that can be reached at 866-869-1861.

The aftermath of the attack has left numerous workers frustrated. This week, Oakland's police officers union made good on its earlier threat to file a legal claim against the city seeking damages.

“As a result of the city's conduct, the (union) members have suffered, and are at an increased risk of suffering, economic harm and identity theft,” states the union claim, noting how the city twice was warned of being vulnerable to a ransomware attack.

Barry Donelan, president of the Oakland Police Officers' Association, said in an interview last week that several union members already had seen their credit information breached by fraudsters.

“I've had an officer try to freeze his credit and someone got there ahead of him and put their name on his credit first,” Donelan said, adding that his worst fear is “a year, two years from now, a young person tries to buy a home and their credit is shot.”

The city, for its part, maintains that it has communicated with affected employees “every step of the way.” Mayor Sheng Thao hasn't responded to multiple requests for comment on the ongoing ransomware fiasco.

“We remain committed to protecting the data we maintain, and regret any inconvenience or concern this incident caused our community,” Walsh said in Tuesday's statement. “We will continue to provide pertinent updates and thank our community for their continued support.”
