Data stolen from the city of Oakland in a ransomware (opens in new tab) attack from last month is starting to make its way to the dark web, reports claim.
The Play Ransomware threat actor has updated its leak website with data stolen from the city during the ransomware attack in mid-February, BleepingComptuer reports.
For now, the group has leaked a total of 10 gigabytes of data, split into multiple RAR archives. Whether the group publishes more content remains to be seen, but the leaked caches reportedly contain a lot of sensitive employee information, more than enough for attackers to run identity theft campaigns.
Sensitive data has been leaked
“Private and personal confidential data, financial information. IDs, passports, complete information about employees, information about human rights violations. For now partially published compressed 10 GB,” the threat’s website said.
The City of Oakland also responded to the latest development, saying it is monitoring the situation and will inform affected individuals accordingly:
“While the investigation into the scope of the incident affecting the City of Oakland is still ongoing, we recently learned that an unauthorized third party has obtained certain files from our network and intends to make the information public. the city’s statement read.
“We are working with outside specialists and law enforcement on this matter and are actively monitoring the claims of unauthorized third parties to investigate their validity. If we determine that an individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”
The attack forced the city to take its IT systems offline, but emergency services remained operational.
In a brief Twitter thread published at the time, the city said its core services were not affected, but customers should expect delays in other services.
Public sector organizations are a popular target for ransomware operators, so the attack on the City of Oakland should come as no surprise.
In early January 2023, cybersecurity experts Emsisoft published a report stating that more than 200 large public sector organizations in the US were affected by ransomware last year. In addition to the government, threat actors also focus on education and healthcare. In about half of the detected incidents, the threat actors made off with sensitive data.
Through: Beeping computer (opens in new tab)