City of Oakland Targeted by Ransomware Attack, Work Continues to Secure and Restore Services Safely

The City of Oakland has learned that it was recently subject to a ransomware attack. The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. 911 and fire and emergency resources are not impacted.

Update April 4, 2023

We have continued our thorough investigation into the ransomware incident with the assistance of cybersecurity professionals. Our extensive manual review of the data determined to be involved has to date determined that the personal information of certain current and former employees and a limited subset of residents – such as some individuals who filed a claim against the City or applied for certain federal programs with the City – was involved in this incident. We began notifying impacted employees in March and are mailing notification letters to impacted residents to provide them with further details and resources to help protect their personal information.

As a further community update, we recently became aware that the same unauthorized third party claiming responsibility for the ransomware incident has posted additional data allegedly taken from our systems during the incident in February to a website not searchable via the traditional Internet. We are working with third-party specialists and law enforcement to investigate and we will continue conducting a thorough review of the involved files. As noted above, we are in the process of notifying individuals whose information was involved in this incident, and will continue to do so in accordance with applicable law.

We encourage any individuals who receive a letter to contact the dedicated call center with any questions about the notice and how to sign up for services as applicable. That number is (866) 869-1861, and it is open Monday through Friday, 8:00 a.m. to 5:00 p.m., Pacific Time.

We remain committed to protecting the data we maintain, and regret any inconvenience or concern this incident caused our community. We will continue to provide pertinent updates and thank our community for their continued support.


Update March 22, 2023

The City of Oakland has sent notification letters to current and former employees whose personal information was impacted by the ransomware incident we experienced in February.

If you were a City employee (i.e., on City payroll) between July 2010 and January 2022 and have not received a notice, we encourage you to contact cyberfaq@oaklandca.gov with any questions about potential impacts to your data and resources available to you.
We have also set up an external call center that is available Monday through Friday, 9:00 a.m. to 5:00 p.m., Pacific Time, excluding U.S. holidays, and can be reached at (866) 869-1861.

Update March 21, 2023

We are aware that another unauthorized actor claims to have access to data removed from the City of Oakland’s systems. Our investigation with cybersecurity professionals and federal law enforcement remains ongoing. Based on our investigation so far, we have no indication there was additional unauthorized access of our systems. We will continue to provide updates as appropriate.


Update March 13, 2023

We continue to encourage former employees who worked for the City between July 2010 and January 2022 to contact our dedicated call center at (866) 869-1861 or email us at cyberfaq@oaklandca.gov with any questions about impacts to their personal data or resources available to them. The call center is available Monday through Friday, 9:00 a.m. to 5:00 p.m., Pacific Time, excluding U.S. holidays.

We take seriously our responsibility to protect our network and the data we store within it. We are committed to bolstering the City’s cybersecurity systems, reinforcing cyber hygiene best practices, and embedding a culture of security in everything we do. We are incredibly proud of our team who continue working hard to restore impacted systems and make our City more resilient. We look forward to emerging from this incident stronger than before, and will continue to provide updates as we have more information to share.


Update March 8, 2023

The City of Oakland remains committed to supporting our employees and community as we continue to recover from a recent ransomware incident.

An update for current and former City of Oakland employees:

While the investigation into the scope of the incident remains ongoing, the findings to date indicate that an unauthorized actor accessed computer systems where certain individuals’ personal information was stored as part of their employment with the City. As such, we have notified current employees who were determined to be involved and provided them with resources to help protect their personal information.

Our investigation to date has further determined that the involved files contain employee information dating from July 2010 to January 2022. Based on that information, we will be mailing formal notification letters to both current and impacted former employees to inform them about the potential data impact and provide resources to help protect their information.

In the meantime, if you were a City employee (i.e., on City payroll) between July 2010 and January 2022, we encourage you to contact cyberfaq@oaklandca.gov with any questions about potential impacts to your data and resources available to you. We have also set up an external call center that is available Monday through Friday, 9:00 a.m. to 5:00 p.m., Pacific Time, excluding U.S. holidays, and can be reached at (866) 869-1861.

An update for the Oakland community:

We understand non-City employee members of the Oakland community also have questions about this incident and potential impacts to their personal data. Please know, we are working diligently to thoroughly review the involved files to determine what and whose information may have been impacted. If we determine that additional individuals’ personal information was involved, we will notify those individuals directly. This process, done correctly, will take additional time to complete. We ask for your continued patience as we work through this comprehensive process with the utmost care and urgency.

We regret the concern this has caused and remain incredibly grateful for our community’s support. We will continue to be here for our community and share updates on our investigation as appropriate.


Update March 6, 2023

The City of Oakland was recently subject to a Ransomware incident. Our City employees, with the support of third-party specialists and information technology specialists from CalOES, have been working to fully restore any impacted systems and have made significant progress.

We are aware that an unauthorized party has released some of the information acquired from our network. We take this very seriously and are doing an in-depth review with the assistance of a specialized third-party data mining firm. We are dedicated to a thorough analysis to determine what and whose information is potentially involved, which will take time to complete. We are also coordinating this effort with law enforcement, including the FBI.

Based on the findings of this comprehensive review, we are actively notifying individuals whose personal information is determined to be involved as quickly as possible and in accordance with applicable law and providing resources to protect the personal information of those impacted.

“My Administration takes this very seriously and has been working hard to restore systems and provide assistance to anyone impacted” said Mayor Sheng Thao in response to the incident. “Moving forward we will focus on strengthening the security of our information technology systems.”

Protecting the confidentiality of the information we hold is a responsibility we take seriously. We apologize for any frustration or concern this incident may have caused, and we thank our community for their continued support. In the meantime, below are suggested best practices and resources that community members can consider to protect their personal information.

Review your accounts statements and credit reports:

It is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity over the next 12 to 24 months.

If you see unauthorized charges or activity, please contact your financial institution immediately.

You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report.Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft

Fraud Alerts and Credit or Security Freezes:

Fraud Alerts: There are two types of general fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud—an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for one year.You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years.

To place a fraud alert on your credit reports, contact one of the nationwide credit bureaus. A fraud alert is free. The credit bureau you contact must tell the other two, and all three will place an alert on their versions of your report.

For those in the military who want to protect their credit while deployed, an Active Duty Military Fraud Alert lasts for one year and can be renewed for the length of your deployment. The credit bureaus will also take you off their marketing lists for pre-screened credit card offers for two years, unless you ask them not to.

Credit or Security Freezes: You have the right to put a credit freeze, also known as a security freeze, on your credit file, free of charge, which makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account.If they can’t see your report, they may not extend the credit

How do I place a freeze on my credit reports? There is no fee to place or lift a security freeze. Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit reporting company. For information and instructions to place a security freeze, contact each of the credit reporting agencies at the addresses below:

You'll need to supply your name, address, date of birth, Social Security number and other personal information.

After receiving your freeze request, each credit bureau will provide you with a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

How do I lift a freeze? A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether. If the request is made online or by phone, a credit bureau must lift a freeze within one hour. If the request is made by mail, then the bureau must lift the freeze no later than three business days after getting your request.

If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit bureau the business will contact for your file, you can save some time by lifting the freeze only at that particular credit bureau. Otherwise, you need to make the request with all three credit bureaus.


Update March 3, 2023

While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly. We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.

Protecting the confidentially of the information we hold is a responsibility we take seriously. We will continue to work diligently to investigate and address this incident while working with our expert teams to enhance our security even more moving forward. We apologize for any disruptions this incident may have caused, and we thank our community for their continued support.


Update February 28, 2023

The City of Oakland continues to work diligently to test and restore remaining impacted systems. While we have made significant progress, we want to share additional information about the remaining impacts to certain public systems.

  • Oak311: The City of Oakland’s OAK311 phone system is back up. For urgent issues, call 311 or (510) 615-5566. This includes downed trees or tree limbs, flooding or sewer overflows, and street signal outages. Please report all non-emergency issues online.

  • Contracting & Funding Opportunities: The City of Oakland’s system for responding to contracting and funding opportunities, including BIDs and RFPs has been restored. Due to the delays, deadlines may be extended.

  • Parking Citation Assistance Center: Transactions currently cannot be made at the cashier booths and cashiers cannot receive phone calls. Payments for parking citations can be made online. If you prefer to pay through the phone payment system, this option is available 24/7 at (800) 500-6484. Staff is available to assist customers who visit in person with the phone payment system or available to assist with payments made via cell phone.

  • Business Tax Licenses: The Business Tax Online Payments system is currently unavailable. Taxpayers will be granted a 45-day extension from the March 1 due date to pay without incurring penalties, interest, and late fees. April 17 is the new deadline for business license tax payments.

  • Permitting: You may now apply for permits and upload/download documents through our online permit center. The permit counter has reopened for in-person services, to find out about hours of operation or to make an appointment visit our permitting site. The City is still working to restore access to online payments.

We will keep the community informed as we have further updates and express our ongoing gratitude for your continued patience and support.

Update February 22, 2023

The City’s IT Department and leading cybersecurity and forensic teams continue working around the clock to test and recover impacted systems. Thanks to their efforts, we are pleased to share that a lot of progress has been made over the last few days to restore the network and critical public safety and financial systems. We continue working on a phased approach to bring public facing systems like our business tax, permitting, contracting and work order back online.

We understand there have been questions around services that are impacted:

  • Oak311: The City of Oakland’s OAK311 phone system is currently experiencing a temporary system outage and calls are not being connected. Please report infrastructure emergencies to the Oakland Fire Department Dispatch non-emergency line at (510) 444-3322 until further notice. This includes downed trees or tree limbs, flooding or sewer overflows, and street signal outages. Please report non-emergency issues online.
  • Parking Citation Assistance Center: Transactions currently cannot be made at the cashier booths and cashiers cannot receive phone calls. Payments for parking citations can be made online. If you prefer to pay through the phone payment system, this option is available 24/7 at (800) 500-6484. Staff is available to assist customers who visit in person with the phone payment system or available to assist with payments made via cell phone.
  • Business Tax Licenses: The Business Tax Online Payments system is currently unavailable. Taxpayers will be granted a 45-day extension from the March 1 due date to pay without incurring penalties, interest, and late fees. April 17, 2023 is the new deadline for business license tax payments.
  • Permitting: You may now apply for permits and upload/download documents through our online permit center. The permit counter has reopened for in-person services, to find out about hours of operation or to make an appointment visit our permitting site. The City is still working to restore access to online payments.

The City is committed to minimizing the impact on residents doing business with the City. We are aware there are upcoming deadlines with associated late fees for various services. Residents will not be expected to pay late fees stemming from processing delays related to this incident.

California Governor’s Office of Emergency Services has responded to our request for additional resources through the state of emergency declaration. Trained IT experts from CalOES and other state departments including the California Military Department will be onsite at some of the City’s facilities starting tomorrow, February 23, to help in our workstation restoration efforts. We are extremely appreciative to the State for providing these additional resources to support in our City’s recovery.

While we continue to make progress, there is more work to be done. We are incredibly grateful for our community’s patience and will continue to provide updates as we work to restore services.

Update February 20, 2023

The City of Oakland remains committed to serving our community as we build on our progress toward restoring impacted systems as quickly and securely as possible. Thanks to the tremendous efforts of our IT Department, we have been able to restore access to public computers, and scanning, printing, copying and internet service at our libraries, and wireless internet throughout City facilities. Critical Public Safety services are restored.

The City of Oakland is grateful to have some of the industry’s top experts helping guide our response. We will keep the community informed as we have further updates and express our ongoing gratitude for the continued patience and support.

Update February 16, 2023

We are aware that the Business Tax License has an upcoming deadline with an associated late fee. Since we have issued a local emergency proclamation, the City of Oakland is able to provide a 45-day extension and will not impose fees until April 17.

We continue working nonstop to safely restore systems and bring impacted services back online as quickly as possible. However, this process – done correctly – will take time to complete. We will continue to keep our community apprised of the latest updates.

Update February 15, 2023

The City of Oakland continues to work around the clock to implement recovery plans that will restore impacted systems as quickly and as securely as possible.

As previously communicated, the network outage has impacted many non-emergency systems including our ability to collect payments, process reports, and issue permits and licenses. As a result, some of our buildings are closed. We encourage the public to email the service counters they want to visit before coming to City buildings.

Please continue to call 911 for emergencies. Our Police and Fire Departments continue to actively respond to emergency calls. If you would like to make a police report but it isn’t an emergency, we ask that you please file a report online. Please note some delays in our response are to be expected as we work through the impacts of this incident.

We will continue to update the public as we have more information to share. Thank you for your patience and understanding as we continue working to securely restore impacted systems.


Update February 14, 2023

Today, Interim City Administrator, G. Harold Duffey issued a local state of emergency due to the ongoing impacts of the network outages resulting from the ransomware attack that began on Wednesday, February 8. Oakland continues to experience a network outage that has left several non-emergency systems including phone lines within the City of Oakland impacted or offline.

The declaration of a local emergency allows the City to Oakland to expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis, while we work to safely restore systems and bring our services back online.

The City is appreciative of the community for their patience as staff across the organization work collaboratively to minimize disruptions and implement workarounds to normal business processes that allow the City to continue delivering services.

The City’s IT Department is working with a leading forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts. This continues to be an ongoing investigation with multiple local, state, and federal agencies involved.

Update February 13, 2023

As of today, the City continues to assess the impacts to its network systems in the aftermath of the ransomware attack that began on Wednesday February 8 during the night, and impacted our systems during the early morning hours of Thursday, February 9. 911 dispatch, fire emergency services, and the City’s financial systems are not impacted. However, because the City took the network offline to contain the attack, many systems remain down as City Departments develop plans to continue providing services safely to the public.

The City’s IT Department is working with a leading forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts. This continues to be an ongoing investigation with multiple local, state, and federal agencies involved.


Update February 10, 2023

The City of Oakland has learned that it was recently subject to a ransomware attack that began last Wednesday night. The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. 911 fire and emergency resources are not impacted.

The City is following industry best practices and developing a response plan to address the issue. In an abundance of caution, ITD has taken affected systems offline while they work to secure and restore services safely. In the meantime, the public should expect delays from the City as a result. We are actively monitoring the situation and sending updated information as it becomes available.



Share


Posted: February 10th, 2023 12:36 PM

Last Updated: April 4th, 2023 3:35 PM

Was this page helpful?

Report a problem with this page

Your feedback will help us improve our website. We cannot reply individually to all feedback.
Your feedback will help us improve our website. We cannot reply individually to all feedback.
Your feedback will help us improve our website. We cannot reply individually to all feedback.