Dozens of Oakland ransomware victims never notified SSN were leaked on dark web, I-Team finds

Stephanie Sierra Image
Thursday, April 13, 2023
Oakland ransomware victims never notified of SSN leak, I-Team finds
Dozens of victims of Oakland ransomware hack were never notified their social security numbers were leaked on the dark web, the I-Team found.

OAKLAND, Calif. (KGO) -- As the City of Oakland continues to grapple with a second data leak exposing highly sensitive and personal information of thousands of people, many victims still feel left in the dark.

The ABC7 News I-Team spoke with dozens of people whose information was leaked on the dark web. Aside from living in Oakland, these individuals have very different stories but share one thing in common: They filed claims with the city alleging injury.

The people we spoke with spanned from disabled veterans, social workers, alleged victims of police abuse and members of the U.S. Air Force that filed claims following incidents where they felt wronged by the city. These incidents spanned from accusations against OPD for bullet holes shattering car windows, alleged false arrests, and physical injuries that resulted in pricey medical bills. For example, the I-Team reviewed at least 11 other claims from people alleging they were struck by OPD cars, some citing careless driving and documenting sustained back and neck injuries.

RELATED: City of Oakland systems only 85% back online 2 months into ransomware attack, Mayor Thao confirms

Yet, none of these individuals realized at the time filing these claims would backfire with possible identity theft - all their personal information, including social security numbers, drivers licenses, home addresses and phone numbers posted onto the dark web.

The files available on the dark web included folders titled "social security confidential data," "scanned bank statements," "internal probationary claims and lawsuits" along with OPD confidentiality agreements and internal affairs investigation reports.

"I can't believe this is happening," said Shavon Brown, who filed a claim with the city after an alleged false arrest. "I'm reliving the worst day of my life."

We spoke to dozens of victims on the phone and in person, but not one person said they received any notice from the city their personal and/or financial information was impacted. We kept some of their identities anonymous.

RELATED: Oakland ransomware attack: Leaked data has more than 3.1K views on dark web

Victim #1: "Basically someone hacked my account!"

Victim #2: "A lot of anxiety is building up."

Victim #3: "Ugh, someone put an apartment in my name... without me even knowing."

Sources tell the I-Team, initially 10 gigabytes of data was leaked. Now, the city says at least 600 gigabytes of data was leaked in the second dump last week.

Three weeks ago, the I-Team asked Oakland Mayor Sheng Thao how far along her administration was informing the thousands of people impacted by the breach, but we did not get a straight answer. The I-Team asked again this week, but still received no response.

VIDEO: Oakland police union says Mayor Thao is 'stonewalling' crucial info about ransomware attack

The Oakland police union has accused Mayor Sheng Thao of stonewalling their attempts to get update on the scope of the ransomware attack.

It got us wondering - what exactly has been leaked on the dark web? And what price will the victims pay?

The I-Team consulted cyber security professionals to download the data to get a better idea of what kind of information is being exposed.

"We are still going through what has actually been taken and dropped onto the black web," said Mayor Thao. "As you know, it takes time to download and so we're waiting."

It took the I-Team three to four hours to download all the data.

"The situation is messy," said Ahmed Banafa, a tech expert and professor of engineering at San Jose State University.

MORE: FBI has seized website used by notorious ransomware gang

Sierra: "On a scale of 1 to 10, how bad is this?"

Ahmed: "Very high... I give it an 8 to 9 out of 10."

"If the city was a business, this is going to be like, you know, the death case for that business. The business is going to be gone, because so many people are going to go after them and sue them to the degree, that they're going to deplete every single resource they have."

Sierra: "How long do you think these victims be haunted by this?"

Ahmed: "It depends again on how bad is your account being used, your SSN, your birthday, and how many times they use it. How many accounts they open."

Sources tell the I-Team former employees are calling city hall upset because they still have heard nothing. At random, we called more than three dozen victims with leaked SSN - but not one person was notified beforehand from the city.

MORE: FBI warns new variant of ransomware fraud targets hospital, medical device companies in Bay Area

Victim #4: "This is crazy... this is crazy..."

Victim #5: "Very untrustworthy... I am devastated..."

Victim #6: "I don't know how to fathom this."

Victim #7: "If they couldn't protect themselves, How can the city protect us?

The I-Team learned about a law passed in 2017 that no longer required immigration status be disclosed in litigation. According to several attorneys briefed on the matter, this means all of the victims didn't have to release their social when filing these claims against the City of Oakland.

Take a look at more stories by the ABC7 News I-Team.

Now Streaming 24/7 Click Here

If you're on the ABC7 News app, click here to watch live