Social security, bank info of Oakland employees, businesses may be compromised in ransomware leak
OAKLAND, Calif. (KGO) -- The personal and financial account information of thousands of city workers and small business owners may be compromised after a ransomware group leaked its first batch of stolen data.
Multiple sources tell the ABC7 News I-Team the city has not paid any of the ransom reported to be up to nine million dollars, but hackers are said to have followed through on a threat to leak some of the stolen data if money wasn't paid.
"This is even more serious now," said Councilmember Noel Gallo. "It looks like it's going to be around for a while... the impact will be a lot greater and tremendous."
According to Gallo, the group behind the attack, "Play Ransomware" or "Play Crypt" is known internationally for attacking government organizations and hotel chains.
The ransomware attack happened on Feb. 8 and has been crippling city systems ever since. Oakland declared a local state of emergency the following week. Several non-emergency systems, including phone lines within the city of Oakland were impacted or offline, but the city said 911, fire, and other emergency resources and financial data were not impacted. But now concerns over financial data leaks is the latest threat.
RELATED: City of Oakland says ransomware attack 'contained' as services slowly come back online
"I'm constantly checking my bank account," Gallo said, adding he was notified Monday his social security, credit card, and bank account information may be compromised from the attack. "Now we're being asked to check for fraud alerts for the next 12 to 24 months."
The first batch of stolen data leaked potentially compromised employee IDs, passports, and other documents, according to sources briefed on the matter.
Gallo says for weeks the impacts of the outage have gone from bad to worse -- it's now impacting his ability to do his job. He says his constituents can't reach him as his phone line and computer are still offline.
"I got to get to city hall right now to be able to get our tech representative to help me... my computer, it's still not working, I cannot use Zoom," Gallo said as he walked to his car. "You call my office? Sorry, we're not answering phones."
The Mayor's office was unavailable for an interview but told the I-Team in a statement:
"We are aware that an unauthorized party has released some of the information acquired from our network. We take this very seriously and are doing an in-depth review with the assistance of a specialized third-party data-mining firm. We are dedicated to a thorough analysis to determine what and whose information is potentially involved, which will take time to complete. We are also coordinating this effort with law enforcement, including the FBI."
VIDEO: Here's a look at how other cities solved their cyberattacks
The city added they're actively notifying individuals whose personal information is determined to be involved in the leak as quickly as possible.
"Moving forward we will focus on strengthening the security of our information technology systems," said Mayor Sheng Thao in a statement sent to the I-Team.
Stephanie Sierra: "Did the city not have the proper anti-virus software protections in place?"
Noel Gallo: "It appears that's what happened."
RELATED: Expert explains how City of Oakland may have become victim of ransomware attack
Gallo says the concern is not only with city employees but with any person who attempted to do business with the city, like pay taxes or file for a business permit.
"This really is affecting our lives, our livelihood," said Crystal Wahpepah, the owner of Wahpepah's Kitchen nestled inside Oakland's Fruitvale BART station. "I find it very scary."
Wahpepah is one of thousands of small business owners that tried to pay her taxes online by March 1, but couldn't log on to the city's website because of the outage. For weeks, she could only see a red warning alert that's still present on the website.
"All we could see is that big red sign... saying pretty much the city is down right now," she said. "It's putting our business bills on hold."
But now their worry has shifted from paying bills to their bank account information being leaked.
"How was this information not protected?" said Wahpepah. "The city needs to fix this."
Gallo says the city extended the deadline for businesses to pay city-related taxes from March 1 to April 1 to prevent any further headache of a late-fee surcharge. He says a City Hall representative is available to assist people in-person with making payments or related inquiries while the site is down. The councilmember added some banks are already reacting to the leak expressing concern over the use of ATMs.
It's unclear if the hackers subsequently accessed information from specific banking locations. Gallo says that's part of the investigation.
If you're on the ABC7 News app, click here to watch live
