The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack.
The initial data leak consists of a 10GB multi-part RAR archive allegedly containing confidential documents, employee information, passports, and IDs.
“Private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information. For now partially published compressed 10gb,” stated the cybercriminals on their data leak site.
In an updated statement posted yesterday, the City stays that they are monitoring the situation and will notify any individuals whose personal information was exposed.
“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly,” the City of Oakland said in a statement.
“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”
The City suffered the ransomware attack on February 8th, with all IT systems taken offline until the network was secured.
While the attack did not impact 911 and emergency services, many other systems were taken offline, including phone service and systems used to collect payments, process reports, and issue permits and licenses.
Oakland later declared a local state of emergency to allow the City to expedite orders, materials and equipment procurement, and activate emergency workers as needed.