On February 8, 2023, the City of Oakland experienced a cybersecurity incident, which impacted many of our IT systems. Upon detection, we quickly took steps to contain the threat and secure our network, alerted law enforcement, and launched an investigation. Third-party cybersecurity and forensics experts were engaged to lead the investigation into the scope of the incident.
Since then, the City of Oakland has made outstanding progress on our recovery efforts. To date, nearly all of our IT systems that were impacted as a result of this incident have been restored. Our internal IT systems are fully operational, and community members can once again use our digital services to submit applications and check the status of permits, OAK311 requests and crime reports, CPRA complaints, the Rental Adjustment Program (RAP), business licenses, contracting and bid opportunities, as well as make payments and engage with the City of Oakland per our normal channels citywide.
The City is now working diligently to respond to and address outstanding requests received prior to and throughout the restoration phase. Getting through the backlogs may take some time. We also anticipate that some data during the restoration period may be permanently affected. The City is grateful for the support of the community during this challenging time and remains committed to providing reliable and secure services to its residents and businesses.
“We commend our IT Department for their hard work and tireless dedication to securely restoring impacted systems,” says Mayor Sheng Thao. “We also appreciate our entire City staff for their professionalism, creativity and commitment to service through any system workarounds and the many ways they continue to show up for our community every single day.”
“This has been challenging for our community and our staff, and we extend our deepest gratitude to everyone for their support in the face of this cyber threat,” says Oakland’s Chief Information Officer Tony Batalla. “I am extremely proud of the IT Department , who worked non-stop to contain the threat and rebuild the City’s IT infrastructure. I am also honored to work with so many dedicated staff across all City Departments. Together, we have recovered from this incident and can move forward. We remain committed to ensuring the safety and security of our systems, and we are already emerging from this stronger and more resilient than before.”
The investigation into the ransomware incident with the assistance of cybersecurity professionals remains ongoing. The extensive manual review of the data involved has, to date, determined that the personal information of certain current and former employees and a limited subset of residents – such as some individuals who filed a claim against the City or applied for certain federal programs with the City – was involved in this incident. The City began notifying impacted employees in March and continue mailing notification letters to impacted residents to provide them with further details and resources to help protect their personal information. The City will continue to will notify people in accordance with applicable law.
Residents, businesses and City employees should remain vigilant against cyber threats and practice good cyber hygiene, such as using strong passwords, keeping software up to date, and avoiding suspicious emails or websites. Below are suggested best practices and resources that community members can consider to protect their personal information.
Review your accounts statements and credit reports:
It is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity over the next 12 to 24 months.
If you see unauthorized charges or activity, please contact your financial institution immediately.
You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:
- Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
- Experian, PO Box 2002,Allen, TX 75013, www.experian.com, 1-888-397-3742
- TransUnion, PO Box1000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report.Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft
Fraud Alerts and Credit or Security Freezes:
Fraud Alerts: There are two types of general fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud—an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for one year.You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years.
To place a fraud alert on your credit reports, contact one of the nationwide credit bureaus. A fraud alert is free. The credit bureau you contact must tell the other two, and all three will place an alert on their versions of your report.
For those in the military who want to protect their credit while deployed, an Active Duty Military Fraud Alert lasts for one year and can be renewed for the length of your deployment. The credit bureaus will also take you off their marketing lists for pre-screened credit card offers for two years, unless you ask them not to.
Credit or Security Freezes: You have the right to put a credit freeze, also known as a security freeze, on your credit file, free of charge, which makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account.If they can’t see your report, they may not extend the credit
How do I place a freeze on my credit reports?
There is no fee to place or lift a security freeze. Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit reporting company. For information and instructions to place a security freeze, contact each of the credit reporting agencies at the addresses below:
- Experian Security Freeze, PO Box 9554, Allen, TX 75013, www.experian.com
- TransUnion Security Freeze, PO Box 160, Woodlyn, PA 19094, www.transunion.com
- Equifax Security Freeze, PO Box 105788, Atlanta, GA 30348, www.equifax.com
You'll need to supply your name, address, date of birth, Social Security number and other personal information.
After receiving your freeze request, each credit bureau will provide you with a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
How do I lift a freeze?
A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether. If the request is made online or by phone, a credit bureau must lift a freeze within one hour. If the request is made by mail, then the bureau must lift the freeze no later than three business days after getting your request.
If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit bureau the business will contact for your file, you can save some time by lifting the freeze only at that particular credit bureau. Otherwise, you need to make the request with all three credit bureaus.
See prior updates here.