PLAY Ransomware Gang Leaks Data From City of Oakland Attack

In February, the City of Oakland, CA experienced a high-profile ransomware attack that forced them to take several systems offline and declare a local state of emergency.

The City of Oakland was targeted by the PLAY ransomware gang and the attackers were able to steal sensitive data from the city's systems which included personal information of city employees (birthdates, addresses, social security numbers, etc.) as well as financial records.

In addition, highly confidential records including Internal Affair investigations of the Oakland Police department and civilian city employees, as well as records revealing city whistleblowers identities, were also part of the breach. This type of data takes the risk a step further from identity theft and can very well put people in physical danger.

This week, the hackers made good on their ultimatum and released nearly 10 Gigabytes of data on their website, which has attracted more than 1,100 visitors as of this article.

Initial reports stated this data was mostly financial and personal information that is used for identity theft, as opposed to the confidential law enforcement and whistleblower records – but that may be intentional by the hackers, who are possibly saving the more dangerous data for the next wave to be released.

The PLAY ransomware gang has signaled this is the first of many data leaks until their demands are met. What specifically these demands are have not been confirmed, but there are reports that the ransomware gang is demanding up to $9 million for the files.

Ransomware attacks have become increasingly common in the government sector in recent years, due to the large-scale impact an attack can have on an entire city or municipality. In fact, 12% of all ransomware attacks in 2022 were on municipalities, according to an industry survey – and this is just 12% of the reported amount of ransomware attacks, a number much lower than in actuality.

The City of Oakland has confirmed they are working with law enforcement, including the FBI, and with a third-party organization to restore any impacted systems. They are also providing resources for those who suspect, or may know, that their information was part of the attack (or leak) including credit monitoring and freezes.

For more information on the City of Oakland attack, mitigation or victim resources, please visit

How To Avoid Ransomware Attacks

Ransomware attacks are only increasing across all industries. This is why it is more important than ever to take preventative steps to safeguard your organization, people, and data, including:

Preventative measures such as an IT Risk Assessment and Third-Party Risk Management can also assist in identifying high risk areas where Ransomware attacks are more likely to occur.  

With these controls in place, organizations can better minimize and mitigate the damage and ensure an expedited recovery effort. It’s paramount to implement these controls early to minimize the potential risks.

A proactive approach to addressing cybersecurity risks can be the difference between identifying and preventing a malicious event such as a ransomware attack.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at

 To learn more, visit our dedicated Cybersecurity page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Single Audit Reporting Reminders
Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.