Data stolen from the City of Oakland in a ransomware attack last month has begun to find its way onto the dark web, reports have claimed.
The Play Ransomware threat actor has updated its leak website with data stolen from the City during the ransomware attack in mid-February, BleepingComptuer has reported.
For now, the group leaked a total of 10 gigabytes of data, split into multiple RAR archives. Whether or not the group publishes more content, remains to be seen, but the leaked caches reportedly contain plenty of sensitive employee information, more than enough for threat actors to run identity theft campaigns.
Sensitive data leaked
"Private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information. For now partially published compressed 10gb," the threat actor’s website said.
The City of Oakland also responded to the latest development, saying it’s keeping an eye on the situation and will notify affected individuals accordingly:
"While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly," the City’s statement reads.
"We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party's claims to investigate their validity. If we determine that any individual's personal information is involved, we will notify those individuals in accordance with applicable law."
In the attack, the City was forced to take its IT systems offline, but emergency services remained operational.
In a short Twitter thread published at the time, the city said that its core services weren’t affected, but that customers should expect delays in other services.
Public sector organizations are a popular target for ransomware operators, so the attack on the City of Oakland should not come as a surprise.
In early January 2023, cybersecurity experts Emsisoft published a report stating that last year more than 200 large public sector organizations in the US were impacted by ransomware. Besides the government, threat actors are also going after the education and healthcare industries. In about half of the discovered incidents, the threat actors made away with sensitive data.
- Here's our rundown of the best endpoint protection services right now