Oakland Ransomware Attack Gets Personal

Oakland is the latest in a long string of municipalities targeted by cybercriminals.

  • May 2, 2023 | Author: Khali Henderson
Learn More about this topic

Article Key

The city of Oakland, Calif., is living every organization's worst cybersecurity nightmare—a sprawling ransomware attack that just keeps getting worse. 

The attack began in February, causing network outages and leading to the city administrator declaring a state of emergency to activate emergency workers, expedite the procurement of equipment and other items needed to restore services, and fast-track the issuance of orders. The initial attack didn't take down vital services (e.g., 911, fire department responses, etc.) but included the release of about 60GB of sensitive personal information to the dark web. 
 
Now, another shoe has dropped—a massive 600GB dump of additional personal information has the city scrambling to contain the fallout. "We are still going through what has actually been taken and dropped onto the black web. As you know, it takes time to download, and so we're waiting for the full downloading of all this information," Oakland Mayor Sheng Thao said, according to CBS News. "We are actively reaching out to anyone whose info may have been compromised, whether or not they work for the City of Oakland."
 
A claim has reportedly been filed against the city by the Oakland police officers' union pursuing:
  • Monetary damages
  • Credit monitoring and restoration services
  • Identity theft
City and Local Governments Are Common Targets
Oakland is the latest in a long string of municipalities targeted by cybercriminals. Cities often have no choice but to pay up when ransomware attacks strike, which makes them ripe for ongoing exploitation. But it's not just ransomware gangs that government entities must worry about. They also must protect against the following:
  • Nation-state actors seeking to create chaos and discord target critical infrastructure.
  • Data on citizens being stolen and sold on the dark web
  • Hacktivists targeting a range of systems and infrastructure to make political statements
Protecting Your Government Clients
Working with a security vendor with programs tailored to the unique challenges faced by state and local governments can go a long way toward tipping the balance of power away from the bad guys and toward your government clients. Solutions should be powered by unified advanced threat intelligence and include:
  • Anti-ransomware 
  • Voice, cyber and physical infrastructure security
  • Remote site security 
  • Digital government asset protection
  • Insider threat protection
  • Compliance and accountability reporting
 

Related Content