IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Oakland Ransomware Attackers Leak More City Data

A hacker group released more stolen files from Oakland's computer network, city officials said Tuesday — the second release in a month that has compromised personal data for current and former employees.

Ransomware
Shutterstock
(TNS) — A hacker group released more stolen files from Oakland's computer network, city officials said Tuesday — the second release in a month that has compromised personal data for current and former employees.

The new trove of data was more than 65 times larger than an initial release of files in March.

City officials did not specify when the data was posted or what was shared. The city said in a comment to The Chronicle that it "recently became aware" that the same hacker group has released additional data "allegedly taken from our systems during the incident in February to a website not searchable via the traditional Internet."

"We are working with third-party specialists and law enforcement to investigate and we will continue conducting a thorough review of the involved files," the statement read. "We are in the process of notifying individuals whose information was involved in this incident, and will continue to do so in accordance with applicable law."

The Chronicle was able to view the published files using a link that was published on the dark web and found that nearly 600 gigabytes of new files were released.

The release comes as the city struggles to get a handle on a ransomware attack that has disrupted city systems for nearly two months and unleashed criticism from current and former employees about the handling of data leaks after the attack.

On Monday, officials with the police union filed a claim arguing that the city failed to implement "reasonable, industry-standard security protocols for its information systems," and as a result, employees' personal information was compromised. City officials confirmed in February that a cyberattack had hit Oakland's offices, preventing residents from filing police reports, paying taxes and processing parking tickets. That month, the City Council declared a state of emergency due to the attack.

Last month, a "threat actor group" called Play released over 9 gigabytes of data and documents, including hundreds of records related to police misconduct allegations and scanned bank statements from the city's operating account. The March release also included 12 years of city employee rosters that list thousands of current and past employees' Social Security numbers, driver's license numbers, birth dates and home addresses. The city said in a statement to The Chronicle on Tuesday that after reviewing the initial leak, they determined that some residents who had filed claims against the city or applied for certain federal programs with the city also had their information leaked.

Some of the documents were public records, like lawsuits filed against the Oakland Police Department. But the March data dump also included Social Security information, which could put people at risk of identity theft.

In response, the city offered current and former employees a complimentary membership to Experian, which helps people detect whether their identity has been stolen and what to do if a theft occurs.

The city has not said whether the group is asking for ransom and for how much, but it appears, with the release of the additional data, that the city has paid no ransom.

Oakland officials said the city has been working with the FBI and the state's Office of Emergency Services to investigate the attack.

© 2023 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.