The Feb. 8 incident reportedly exposed the personal data of current and former employees and affected city systems for several weeks.
In a news release issued Thursday, the city said that as soon as it detected the attack, “we quickly took steps to contain the threat and secure our network, alerted law enforcement, and launched an investigation. Third-party cybersecurity and forensics experts were engaged to lead the investigation into the scope of the incident.”
Oakland “has made outstanding progress on our recovery efforts,” the city said. “To date, nearly all of our IT systems that were impacted as a result of this incident have been restored. Our internal IT systems are fully operational, and community members can once again use our digital services to submit applications and check the status of permits, OAK311 requests and crime reports, CPRA complaints, the Rental Adjustment Program, business licenses, contracting and bid opportunities, as well as make payments and engage with the City of Oakland per our normal channels citywide.”
The incident did create a backlog in handling residents’ needs during the response period, and the city said it is “working diligently to respond to and address outstanding requests received prior to and throughout the restoration phase,” noting that doing so “may take some time.” The city also noted that some data “may be permanently affected.”
Mayor Sheng Thao credited the city’s technologists, led by Chief Information Officer Tony Batalla, for their work since the attack.
“We commend our IT Department for their hard work and tireless dedication to securely restoring impacted systems,” Thao said. “We also appreciate our entire city staff for their professionalism, creativity and commitment to service through any system workarounds and the many ways they continue to show up for our community every single day.”
Batalla, who was named Oakland’s CIO and IT director one year ago, said the city’s IT systems have been hardened and made more secure since the incident.
“This has been challenging for our community and our staff, and we extend our deepest gratitude to everyone for their support in the face of this cyber threat,” Batalla said. “I am extremely proud of the IT Department, who worked non-stop to contain the threat and rebuild the city’s IT infrastructure. I am also honored to work with so many dedicated staff across all city departments. Together, we have recovered from this incident and can move forward. We remain committed to ensuring the safety and security of our systems, and we are already emerging from this stronger and more resilient than before.”
Cybersecurity experts are working with the city as the investigation into the ransomware incident continues.
City officials confirmed that after an “extensive manual review of the data involved,” it has verified that the personal information of some current and former employees and a limited subset of residents was involved. This included “some individuals who filed a claim against the city or applied for certain federal programs with the city.”
Affected employees were notified last month, and the city has offered one year of free credit protection to employees whose data may have been compromised. The city is also sending notification letters to impacted residents, providing them with resources to help protect their personal information.
Employees and residents were advised to review their account statements, credit reports and other financial information over the next two years and to “practice good cyber hygiene, such as using strong passwords, keeping software up to date, and avoiding suspicious emails or websites.”
The frequency of ransomware attacks is on the rise against public-sector agencies, with similar incidents having targeted Bay Area Rapid Transit, Contra Costa County and the city of Modesto.
In Oakland, Batalla has a staff of about 85 and an IT budget of about $37.5 million. He was featured in an Industry Insider — California “One-on-One” interview in October, and he has written commentaries for the publication.
This article was originally published by Industry Insider — California, Government Technology's sister publication.