Second Massive Data Leak Follows Ransomware Attack On Oakland
In other cybersecurity news …
In February, the City of Oakland declared a state of emergency after a ransomware attack hampered local government operations.
Now, the city is confirming a massive second data leak by the Play ransomware group, which claimed responsibility for the ransomware attack.
“We recently became aware that the same unauthorized third party claiming responsibility for the ransomware incident has posted additional data allegedly taken from our systems during the incident in February to a website not searchable via the traditional internet,” the city said. “We are working with third-party specialists and law enforcement to investigate and we will continue conducting a thorough review of the involved files.”
The stolen data include the personal information of certain current and former employees, and a limited subset of residents, such as some individuals who filed a claim against the city or applied for certain federal programs with the city. The city is mailing notification letters to impacted residents to provide them with further details and resources to help protect their personal information.
Sally Vincent, senior threat research engineer at LogRhythm, said the people who have had their personally identifiable information (PII) leaked from this hack are already becoming victims of financial crimes.
“These double extortion attempts are becoming routine and can lead to lawsuits from victims whose data was leaked,” she said. “Cities need to have a robust cybersecurity posture to be able to defend against these attempts to steal and extort data as long as these hackers may continue to profit from their crimes. In addition to other preventative measures like password hygiene, threat detection, and real-time monitoring and visibility capabilities, this posture should incorporate efficient incident response strategies. Prioritizing security and protecting sensitive data also requires continuous patching, creating backups and putting emphasis on educational training.”
Daniel Selig, security automation architect at Swimlane, said the hacking group has released an additional 600 gigabytes of data, following the initial 10 gigabytes that was revealed last month.
“Data compromised in the leak includes personal documents stolen from the city’s police department, including information about the city’s mayor,” he said. “What’s more, the operations of several vital city services have been affected due to the attack and resulting breaches. The city was finally able to reinstate its 311 phone line, its system for city contracts and its online permit center just last week. Some services remain crippled.”
In order to reduce the likelihood of such attacks and ensuing breaches in the future, organizations must implement low-code security automation to assist in detecting and responding to threats in real time by enabling total visibility into IT infrastructures, Selig said.
“Endpoint security products that incorporate low-code security automation provide businesses with a coordinated protection plan that, in the end, safeguards citizens by keeping the most important data safe and secure from outside threats,” he said.