Hackers Start Leaking Data Stolen from City of Oakland

Play ransomware operators have claimed responsibility for the cyber-attack on Oakland city systems and are now leaking troves of data allegedly containing confidential documents, employee information, passports and IDs.

In early February, the City of Oakland was forced to take systems offline as it worked to contain a cyber-intrusion. Oakland’s core functions remained intact, with the city assuring citizens that they could reliably reach out to 911, fire and emergency departments, as well as some finance-centric services maintained by the city.

A week later, Interim City Administrator G. Harold Duffey declared a local state of emergency to expedite procurement of equipment and materials, activate emergency workers where needed, and issue orders on an expedited basis.

City officials have since restored many services, including the City of Oakland’s OAK311 phone system. However, the municipality is still busy restoring operations to normal.

Now, the Play ransomware crew has taken responsibility for the hack and members are already leaking data allegedly captured from Oakland City’s servers.

The leak consists of a 10GB multi-part RAR archive said to contain “private and personal confidential data, financial information, IDs, passports, employee full info, human rights violation information,” the threat actors say, according to BleepingComputer.

In a recent update, the city said it is aware of the data theft.

“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity,” reads the notice.

The city pledges to notify impacted individuals in accordance with applicable law, if the investigation determines that personal information has indeed made it into the hackers’ hands.