Limited distribution: Oakland City Hall (11.7 GB)
Emails and files from the PLAY ransomware attack on Oakland City Hall, a large city in California with a long history of police abuses.
DDoSecrets is making available a series of internal emails and files from Oakland City Hall, a mid-sized city in the San Francisco Bay area with a long history of human rights violations. The files contain information about police assignments for active duty employees, lawsuit settlement agreements, social security numbers, and more.
The files were released after a ransomware negotiation that lasted about a month. The 11.7 GB sample released by the PLAY ransomware hackers contains information about ongoing litigation against the city, wire transfer records, bond sale information, and contracting data. DDoSecrets reviewed some of the files and has confirmed they contain officer disciplinary records including for supervisors who failed to report misconduct. We are also able to confirm the files include information on misconduct allegations against high-ranking police officers, and documents about internal affairs investigations.
April 4 Edit: PLAY has now uploaded a second set of data, which we are retrieving from their site. The ransomware group says the new data release adds up to 600GB.
The data also includes personal identifying information about city employees, their emergency contact and social security numbers, training data, policy documents, and other forms.
The City of Oakland has downplayed the ransomeware attack, stating that it's only impacted tax filings systems, 311, and permitting offices. It is clear from the data reviewed by DDoSecrets that the amount of information exfiltrated is more extensive than has been acknowledged by the city.
The data was published online by the PLAY ransomware blog after about a month of negotiations with the City of Oakland. PLAY has stated it may publish further data online in the future.1
Due to the large amount of personal identifying information (PII), we are only making the data available on limited distribution. Please contact us if you'd like a copy of the data.
Like our publication? Support us today by donating.
April 4 Edit: PLAY has now uploaded a second set of data, which we are retrieving from their site. The ransomware group says the new data release adds up to 600GB.