Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

The 2023 Oakland Ransomware Attack: 6 Lessons for Businesses


In early February 2023, the city of Oakland was hit by a devastating ransomware attack that brought the city's government to its knees.  

Due to a possible phishing email, leaked personnel data dating back to 2010 became available online and the IT department shut down city IT systems and landlines in an effort to contain the damage.  

If an entity as large as the city of Oakland isn’t safe, what chances do you have of keeping your business safe?  

As a managed IT service provider (MSP), Intelligent Technical Solutions (ITS) has had to answer this question for each of our clients for over 20 years.  

Today, we invited Ryan McBride, a Cybersecurity expert from Field Effect, to answer this question and give his advice for businesses looking to move forward from the attack. He’ll share his insight into questions like: 

  • What happened during the 2023 Oakland ransomware attack? 
  • What lessons should businesses learn from the attack? 
  • How can you keep your personal information safe? 

Whether you are a small business owner or a large enterprise, the lessons from this attack are essential for anyone looking to protect their organization from the growing threat of cybercrime. 

What is the 2023 Oakland Ransomware Attack? 

ransomware attack

On February 10, the city of Oakland released a statement explaining hackers hit their systems with ransomware two days before. Government officials immediately started coordinating with law enforcement for their next steps. 

Unfortunately, that was only the beginning. Due to the ransomware attack, Oakland residents experienced:  

  • Down website and landlines 
  • Inability to make payments and claim permits 
  • Delayed tax filing and salary  
  • Inaccessible city systems  

The scope of the disaster prompted Interim City Administrator G. Harold Duffey to declare Oakland under a state of emergency 

This breach clearly highlighted how careful entities like municipalities need to be. 

“Municipalities have a few things going against them that make them a really attractive target,” McBride said. “Unlike a business, if you're a municipality, you can't declare bankruptcy and say, OK, see ya!” 

To make matters worse, while the city of Oakland worked on fixing the previous issues, the hacking group - later revealed to be Play - started threatening to reveal confidential personnel information. They eventually released data, which included:  

  • Current and former city workers’ social security numbers, home addresses, and medical data 
  • Personal information of city residents (specifically those who have filed for claims or federal benefits)  

As a result, multiple residents and organizations have filed lawsuits against Oakland, calling for damages. The government has sent out notices to affected individuals and businesses while juggling the huge financial hit of the attack. 

Oakland officials are still coordinating with the FBI, cybersecurity experts, cybersecurity company KnowBe4, residents, and businesses; they are working overtime to mitigate the damage and recover full-system safety and capacity. 

New call-to-action

6 Ransomware Lessons for Businesses Moving Forward  

So, your data might be out there. What do you - and your company - do now? 

1. Reset any password connected to the city of Oakland. 

McBride pointed out password resets as one of the most overlooked actions businesses need to take after a breach like the Oakland ransomware fiasco. All passwords used related to the Oakland government must be triple-checked and changed. 

Read: “NIST Password Guidelines 2022: 9 Rules to Follow” 

2. Utilize credit monitoring and identity theft prevention.  

stolen social security

The internet is forever, and getting something taken off the web is a losing battle. The best thing organizations can do is to use credit monitoring and identity theft prevention to minimize potential damage. 

 “Anybody who's had their Social Security Number leaked in any type of attack should have credit monitoring in place for at least a year,” McBride recommended.  

Your Oakland team should take advantage of free identity theft reporting and annual credit reports. Also, consider implementing a credit freeze for your personal and business accounts.  

3. Have a disaster recovery plan in place.  

A disaster recovery plan is a must-have in today’s tech environment.  

“When a breach happens, you're not only going to want to know exactly who takes the lead, who to call,” McBride said, “but also what breach notifications need to go out and how you can respond.”  

4. Implement security awareness training. 

Another crucial lesson is to have frequent security awareness training. 

security awareness training

“One of the areas that are difficult to defend with software solutions are just people making mistakes,” McBride said.  

Security awareness training - especially for phishing emails - can make the difference between a breached network and a safe IT environment. The city of Oakland, unfortunately, learned this lesson a little too late. 

5. Follow a security framework. 

Following a security framework, such as the NIST framework, will help your business avoid suffering Oakland’s same fate.  

While adhering 100% to a security framework is challenging for smaller companies, there are still guidelines you can follow regardless of your business size. But if you're in certain fields like healthcare and finance, you’ll have IT regulations you’re required to follow, regardless of business size.  

6. Work with experts in the cybersecurity field.  

expert people

Last but not least, McBride recommends working with experts in the cybersecurity field. It’s better to get it right the first time instead of spending more time and effort fixing bad security practices while simultaneously creating security vulnerabilities.  

“Because of the complexity that can exist in implementing a sufficient security practice and managing the environment, a good cyber security practice is going to be a joint effort between cyber security specialists and your IT operators,” McBride said. 

“I would recommend that the number one thing they could do is lean on and work with trusted, proven, reliable managed security service providers.” 

Read: “5 Best Managed Security Service Providers (MSSPs) in the Bay Area” 

Ready to Apply the Lessons from the Oakland Ransomware Attack? 

In conclusion, the 2023 Oakland ransomware attack serves as a wake-up call for businesses to take cybersecurity seriously. 

The huge impact of the attack on the city's government and businesses highlights the need for proactive measures to protect against cyber threats. 

But applying every security measure is no easy task. It’s why cybersecurity and IT specialists like ITS exist, after all. And as a cybersecurity specialist for over 20 years, we’ve created more resources to help you use each lesson from the Oakland 2023 ransomware attack:  

If you want more information about preparing for data breaches, check out our eBook “Data Breaches - a Definitive Guide for Business Owners.”

New call-to-action