Oakland City Hall reflected in the windows of a nearby office building. Credit: Amir Aziz

The hackers responsible for a highly disruptive ransomware attack against the city of Oakland published hundreds of gigabytes worth of stolen city files on the internet this week.

The leak of confidential information is the second release from PLAY, a group of cybercriminals who infiltrated the city’s computer systems and launched an attack in February. The city has been tight-lipped about the breach and hasn’t disclosed what demands the hackers made in exchange for access to data that was encrypted and stolen during the incident. But the second release of vastly more data appears to confirm that Oakland did not hand over money in response to the ransom.

The latest leak includes over 600 gigabytes of information, according to several sources The Oaklandside spoke with. The first leak last month was 10 gigabytes of information, and it included over a decade’s worth of sensitive files such as rosters of city employees with their dates of birth and social security numbers, which can be used to defraud individuals.

One source with the city said that many of the files contain Oakland Police Department records, including internal affairs investigations and discipline records.

More about the ransomware attack

Oakland’s police union on Monday announced they’ve filed a claim against Oakland for damage done to their members. The union is asking for a payment of $25,000 per officer, but OPOA president Barry Donelan said he hopes the outcome is that the city better secures its systems against cybercriminals.

A source that has accessed the second leak told The Oaklandside that it includes lots of police files, including discipline records that under state law are meant to remain confidential. Some files appear to be from councilmembers’ computers, including their communications with state officials and constituents. City employees’ medical records are another highly sensitive type of record in the second release.

The city acknowledged Tuesday that the hackers responsible for the attack have claimed to have released more files.

“We recently became aware that the same unauthorized third party claiming responsibility for the ransomware incident has posted additional data allegedly taken from our systems during the incident in February to a website not searchable via the traditional Internet,” the city’s communications team said in a statement.

According to the city, “personal information of certain current and former employees and a limited subset of residents—such as some individuals who filed a claim against the City or applied for certain federal programs with the City,” was made public as a result of the first leak in March.

The city has been trying to contact current and former employees and some residents whose information was published online to help them monitor their bank accounts and credit reports for any signs of fraudulent activity.

Darwin BondGraham

Before joining The Oaklandside as News Editor, Darwin BondGraham worked with The Appeal, where he was an investigative reporter covering police and prosecutorial misconduct. He has reported on gun violence for The Guardian, and was an enterprise reporter for the East Bay Express. BondGraham's work has also appeared with KQED, ProPublica and other leading national and local outlets. He holds a doctorate in sociology from UC Santa Barbara and was the co-recipient of the George Polk Award for local reporting in 2017.