On February 20, 2023, the City of Oakland announced that it was the victim of a ransomware attack, which had caused significant disruptions to its systems. The city’s IT department immediately began working to investigate and contain the incident.
As of February 22, the city had made significant progress in restoring its network and critical public safety and financial systems. However, some public-facing systems such as the Oak311 phone system and the Business Tax Online Payments system were still unavailable.
The City was working on a phased approach to bring these systems back online, and had provided alternative ways for residents to report non-emergency issues and make payments for parking citations. In addition, taxpayers were granted a 45-day extension to pay business license taxes without incurring penalties, interest, and late fees.
The City was also working with third-party specialists and law enforcement to investigate the incident and determine the scope of the attack. The City had become aware that an unauthorized third party had acquired certain files from its network and intends to release the information publicly. If any individual’s personal information is involved, the City will notify those individuals in accordance with applicable law.
The City of Oakland took the protection of the confidentiality of the information it holds seriously and was continuing to work diligently to investigate and address the incident while working with expert teams to enhance security measures moving forward.
On February 23, the California Governor’s Office of Emergency Services responded to the City’s request for additional resources through the state of emergency declaration. Trained IT experts from CalOES and other state departments, including the California Military Department, were onsite at some of the City’s facilities to help in the restoration efforts. The City was extremely appreciative of the State’s additional resources to support its recovery.
The City was committed to minimizing the impact on residents doing business with the City and would not expect them to pay late fees stemming from processing delays related to the incident. The City was continuing to work diligently to restore all of its systems and was incredibly grateful for the community’s patience during this time.
As of March 3, the City of Oakland’s investigation into the ransomware attack remained ongoing. The City had become aware that an unauthorized third party had acquired certain files from its network and intends to release the information publicly. The City was working with third-party specialists and law enforcement on this issue and was actively monitoring the unauthorized third party’s claims to investigate their validity. If any individual’s personal information is involved, the City will notify those individuals in accordance with applicable law.