Oakland man says fraudulent accounts opened, home purchased in his name after city's ransomware hack

"On the credit report, there's credit cards that should've been closed, they're now open with balances of $17,000 and $30,000."
Tuesday, December 26, 2023
OAKLAND, Calif. (KGO) -- It's been ten months since the city of Oakland's network was hacked and the personal information of tens of thousands of people was leaked onto the dark web. Now, one victim says multiple accounts have been opened in his name, making fraudulent purchases, including a house.

The I-Team was the first to report the city's oversight -- exposing dozens of victims who were never notified that their sensitive financial information was leaked.
[Ads /]
"It's a living nightmare," said Oakland native Dedrick Warmack, as he anxiously checked his mailbox. "On the credit report, there's credit cards that should've been closed, they're now open with balances of $17,000 and $30,000."

VIDEO: Dozens of Oakland ransomware victims never notified SSN were leaked on dark web, I-Team finds
Oakland ransomware victims never notified of SSN leak, I-Team finds


Warmack says his identity was stolen months after the city's network was hacked.

"I have no idea how many accounts have been opened in my name," he told the I-Team.



Warmack says his credit score dropped more than 200 points, but he didn't know at the time that was just the beginning.

At first, he says he started receiving strange phone calls and emails about refinancing a home. That was followed by letters he says he got from several banks notifying him of new accounts in his name.

"I knew something was going on," he said.

Warmack is one of dozens of victims the I-Team contacted who previously filed a claim with the city alleging injury, but instead ended up with their personal and financial information leaked.

Now, he says fraudulent checks are being made in his name.

RELATED: Oakland ransomware attack: Leaked data has more than 3.1K views on dark web

"Like this water and sewage bill for $2,000," Warmack told the I-Team as he scrolled through his accounts. "This is not East Bay Mud..."



Warmack says some of the bills appear to be from New England.

"It says it's an open balance, how can I have an open balance?"
[Ads /]
From there -- he says it only got worse.

"I'm getting notices about refinancing a home... and I'm like, I pay rent," said Warmack. "Somebody has something in my name somewhere since October, I've been getting emails from Best Buy about kitchen installations."



And to add to the stress, he says he didn't even know about it until the I-Team contacted him. Now, he's scrambling to get help.

In April, the I-Team spoke to dozens of victims on the phone and in person, but not one person said they received any notice from the city that their personal and financial information was impacted. We kept some of their identities anonymous.

"It was literally reliving the worst night of my life," said one Oakland resident.

"Someone put an apartment in my name without me even knowing," another person said.

VIDEO: Oakland police union says Mayor Thao is 'stonewalling' crucial info about ransomware attack
Oakland mayor is 'stonewalling' crucial info on ransomware attack: POA


In March, the I-Team asked Oakland Mayor Sheng Thao about the status of informing the thousands of people impacted by the breach, but we didn't get a straight answer at the time.



"We have notified the current employees, and not just that but we've also notified the employees that have left the city," said Thao during the March press conference.

That was ten months ago. This week, the city told the I-Team the notification process was completed "several months ago."

But the I-Team has still received complaints from residents affected who say they still haven't been notified.
[Ads /]
In May, the mayor committed to spending an additional $10 million to upgrade and harden cyber security protections over the next two years. Documents obtained by the I-Team from the city administrator's office show only 30 percent of that goal has been spent since. This includes the rebuilding of OPD's CCTV server, which the mayor says is now fully operational.

But other concerns still linger.

"We're being poorly managed at the city of Oakland," said city council member Noel Gallo.

VIDEO: Did Oakland have right cyber insurance before the ransomware hack? Expert weighs in

On the heels of a multi-million dollar missed opportunity to fight retail theft, following 1,000 911 dispatcher applications overlooked, some city officials are concerned about another mistake, including cyber insurance.

Eight months ago, the I-Team consulted cybersecurity experts to weigh in on whether Oakland's current policy is sufficient enough to protect against a future ransomware attack.

Chris Hetner, a cybersecurity specialist formerly with the Securities and Exchange Commission told the I-Team the answer is no.

"It seems like it's mostly covering comprehensive electronic information and security liability coverage, so that assumes it's tied to data," Hetner told the I-Team. "If I think about the disruption tied to ransomware, like shutting down systems, not being able to deliver services, it seems like this policy is not designed to meet those needs."

In a statement provided to the I-Team, the city says their cyber insurance policy has not changed since the incident.

It's leaving victims like Warmack wanting to leave the city, worried this nightmare won't end.

"If Oakland can't protect themselves, how are they going to protect our information?" he said.

Take a look at more stories and videos by the ABC7 News I-Team.

If you're on the ABC7 News app, click here to watch live

Copyright © 2024 KGO-TV. All Rights Reserved.