In 2023, the City of Oakland suffered a severe **ransomware attack** executed by the **Play ransomware group**, exposing the personal data of thousands of current and former **police officers and city employees**. Compromised information included **home addresses, medical records, and Social Security numbers**, which were leaked on the **dark web**. The attack crippled the city’s IT systems for **weeks**, disrupting essential government services and delaying critical operations, including **police misconduct investigations**. The breach led to a **class-action lawsuit** with over **10,000 plaintiffs**, resulting in settlements of **$175 per affected officer** and up to **$350 for other employees** who proved financial harm. The city also offered **three years of free credit monitoring**. An earlier **2022 audit** had warned of **cybersecurity vulnerabilities** due to **understaffing and resource shortages**, but no action was taken. The incident exposed systemic neglect in Oakland’s digital defenses, raising concerns about **identity theft risks**—especially for police in a **high-crime city**—and prolonged **operational disruptions** across municipal services.
Source: https://www.govtech.com/security/oakland-calif-to-pay-police-staff-whose-data-was-exposed
TPRM report: https://www.rankiteo.com/company/oakland
{
  "id": "oak3702437100825",
  "linkid": "oakland",
  "type": "Ransomware",
  "date": "6/2022",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '10,000+ (current and former '
'employees, including police '
'officers)',
'industry': 'public administration',
'location': 'Oakland, California, USA',
'name': 'City of Oakland',
'type': 'municipal government'}],
'customer_advisories': ['Three years of free credit monitoring offered to '
'class-action plaintiffs.'],
'data_breach': {'data_exfiltration': 'yes (data sold on dark web)',
'number_of_records_exposed': '10,000+',
'personally_identifiable_information': 'yes',
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['PII',
'home addresses',
'medical information',
'Social Security numbers']},
'description': 'The city of Oakland suffered a ransomware attack in 2023, '
'orchestrated by the Play ransomware group. The attack '
'disrupted city services for weeks, exposed sensitive personal '
'information (including home addresses, medical records, and '
'Social Security numbers) of over 10,000 current and former '
'employees, and led to a class-action lawsuit. The city agreed '
'to settlements, offering $175 to affected police officers and '
'up to $350 to other employees demonstrating financial losses, '
'along with three years of free credit monitoring. The '
'incident highlighted systemic cybersecurity vulnerabilities, '
'including understaffing and inadequate safeguards, as warned '
'in a 2022 audit.',
'impact': {'brand_reputation_impact': ['loss of trust in city government',
'public scrutiny over cybersecurity '
'neglect'],
'data_compromised': ['home addresses',
'medical information',
'Social Security numbers',
'personally identifiable information (PII)'],
'downtime': 'weeks to months',
'identity_theft_risk': 'high (data sold on dark web)',
'legal_liabilities': ['class-action lawsuit with over 10,000 '
'plaintiffs',
'settlements for affected employees'],
'operational_impact': ['disruption of basic city services',
'delays in officer misconduct '
'investigations',
'extended federal oversight of Oakland '
'Police Department'],
'systems_affected': ['city government technological systems',
'police department investigations']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes',
'high_value_targets': ['employee PII',
'city government systems']},
'investigation_status': 'resolved (settlements distributed in 2024)',
'lessons_learned': ['Public agencies are highly vulnerable to ransomware due '
'to understaffing and inadequate cybersecurity '
'safeguards.',
'Proactive audits (e.g., 2022 report) can forewarn of '
'risks, but require action to mitigate threats.',
'Data breaches in high-crime areas (e.g., Oakland) '
'amplify risks to personal safety, especially for law '
'enforcement.',
'Transparency and communication with affected '
'stakeholders (e.g., unions, employees) are critical '
'post-incident.'],
'motivation': ['financial gain', 'data theft'],
'post_incident_analysis': {'corrective_actions': ['Financial settlements and '
'credit monitoring for '
'victims',
'Ongoing federal oversight '
'of Oakland Police '
'Department due to '
'investigative delays'],
'root_causes': ['Staffing and resource constraints '
'(per 2022 audit)',
'Lack of cybersecurity safeguards '
'compared to private sector',
'Delayed response and '
'remediation']},
'ransomware': {'data_encryption': 'yes (systems held hostage)',
'data_exfiltration': 'yes',
'ransomware_strain': 'Play'},
'recommendations': ['Invest in cybersecurity staffing and resources to '
'address audit findings.',
'Implement robust backup and recovery systems to minimize '
'downtime.',
'Enhance monitoring for dark web activity to detect '
'exfiltrated data early.',
'Establish clear incident response protocols, including '
'legal and PR strategies for breaches.',
'Provide identity theft protection and support for '
'affected individuals, particularly in high-risk roles '
'(e.g., police).'],
'references': [{'source': 'The News Station (TNS)'},
{'source': 'Oakland City Audit (2022)'},
{'source': 'Class-action lawsuit filings (Hada Gonzalez et '
'al.)'}],
'regulatory_compliance': {'legal_actions': ['class-action lawsuit (led by '
'Hada Gonzalez)',
'settlement agreement filed in '
'May 2024']},
'response': {'communication_strategy': ['public demands for transparency by '
"police officers' union",
'legal filings (class-action '
'lawsuit)'],
'remediation_measures': ['settlement payouts ($175 for police '
'officers, up to $350 for others)',
'three years of free credit monitoring '
'for plaintiffs']},
'stakeholder_advisories': ["Oakland Police Officers' Union demanded "
'transparency and criticized city leadership.',
"Attorney Scott Cole (plaintiffs' representative) "
'highlighted systemic neglect in cybersecurity.'],
'threat_actor': 'Play ransomware group',
'title': 'City of Oakland Ransomware Attack (2023)',
'type': ['ransomware', 'data breach']}