Oakland Faces Potential Lawsuits in the Aftermath of Ransomware Attack

Oakland, CA - As Oakland continues to recover from a devastating ransomware attack, the city now finds itself confronting another challenge: the possibility of costly lawsuits from employees, residents, and other individuals who may have been harmed by the cyberattack. Since the data breach was revealed in February, four legal claims and one class action lawsuit have been filed against the city, signaling the potential for legal battles ahead.

 

Under California law, individuals seeking damages from a government agency must first file an administrative claim with the public agency allegedly responsible for the harm. If the claim is rejected, then a lawsuit can be filed. Hada Gonzalez, an Oakland police services technician, appears to have filed the first claim against the city on March 9, alleging that cybercriminals breached Oakland’s inadequately protected information network and gained access to her personally identifiable information. Although the specific details of the breach were not disclosed, Gonzalez expressed concerns about the increased risk of identity theft, the security of her personal information, and unspecified out-of-pocket expenses.

 

On April 25, Gonzalez proceeded to file a class action lawsuit, represented by the Cole and Van Note law firm and the Rains Lucia Stern St. Phalle & Silver PC law firm. Class action lawsuits enable individuals to sue on behalf of a larger group, potentially benefiting from a settlement or verdict. In her suit, Gonzalez claimed that she has been forced to explore identity theft insurance options and credit monitoring.

 

The ransomware attack, allegedly orchestrated by hackers affiliated with the criminal group PLAY, infiltrated Oakland’s computer systems on February 8. This attack resulted in the disruption of services across various departments, including the shutdown of Oak311. Additionally, the hackers accessed sensitive data from city servers, including social security numbers, dates of birth of city employees, and confidential records from the Oakland Police Department (OPD), such as discipline records and internal affairs investigations.

 

Ransomware attacks have become a common extortion scheme worldwide, with local governments in the United States frequently being targeted due to the wealth of data they possess, which can be utilized for identity theft and fraud. According to cybersecurity research website Comparitech, there were approximately 330 ransomware attacks on U.S. government organizations between 2018 and 2022.

 

Oakland spokesperson Nicole Neditch revealed that the city has already notified approximately 13,000 individuals affected by the breach. She added that nearly all of the city’s IT systems have been restored as of April 27, but the city refrained from commenting on the pending litigation. Although Oakland officials have not publicly discussed whether the city will meet the demands for payment, the hackers have recently published hundreds of gigabytes of stolen data online, posing an unknown risk of identity theft and fraud to Oakland residents.

 

While ransomware attacks and demands for ransom often make headlines, the long-term legal consequences are frequently overlooked. In Oakland’s case, the publication of stolen data has allegedly caused harm to some city employees. The first claim, filed by Hada Gonzalez, was followed by a claim from OPD sergeant Bradley Keith Young on March 23. Young expressed concerns about his compromised personal information and sought reimbursement for expenses related to credit protection services. David Martinez, a construction inspector, filed a claim on March 30, accusing the city of failing to protect his sensitive information.

 

The most significant claim to date was filed by the Oakland Police Officers’ Association on behalf of all its members on March 30. The police union claimed that several members had received notifications of fraudulent credit card activity and encountered credit-related problems resulting from the breach. Other unions representing Oakland City employees have not filed claims but have demanded assistance for their members. The Oakland City Union Coalition, representing major unions in Oakland, requested the provision of credit and identity protection services