
Incorporated in 1852, Oakland is the eighth largest city in California, with an estimated population of 450,000 and a wealth of resources and opportunities. Located on the east side of the San Francisco Bay, Oakland is bordered by 19 miles of coastline to the west and rolling hills to the east, which provide unparalleled vistas of the Bay and the Pacific Ocean.

City of Oakland A.I CyberSecurity Scoring

CO

Company Details

Linkedin ID:

oakland

Employees number:

2,484

Number of followers:

20,768

NAICS:

92

Industry Type:

Government Administration

Homepage:

oaklandca.gov

IP Addresses:

0

Company ID:

CIT_1614528

Scan Status:

In-progress

CO Risk Score (AI oriented)

Between 0 and 549

CO Global Score (TPRM)

XXXX


CO Company CyberSecurity News & History

Past Incidents: 6
Attack Types: 2
City of Oakland
Cyber Attack
Severity: 85
Impact: 4
Seen: 2/2023
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: The California Office of the Attorney General reported that the City of Oakland experienced a cybersecurity incident involving malware between February 6, 2023, and February 9, 2023, affecting some personal information of individuals. The incident was reported on March 30, 2023.

City of Oakland
Ransomware
Severity: 75
Impact: 2
Seen: 03/2023
Rankiteo Explanation: Attack limited on finance or reputation

Description: The City of Oakland reported a ransomware attack. The City of Oakland, out of an abundance of caution, took the affected systems offline while they worked to secure the affected infrastructure. In order to ascertain the extent and gravity of the problem, the information technology department alerted the relevant authorities and started an inquiry into the occurrence. Even while the City's primary operations—including 911, financial information, and fire and rescue resources—were unaffected, the notice it published cautions the public about potential delays from the City as a result of the attack. The City has verified that an unauthorized entity has obtained a number of files from its network and has threatened to make the information publicly available.

City of Oakland
Ransomware
Severity: 75
Impact: 2
Seen: 02/2023
Rankiteo Explanation: Attack limited on finance or reputation

Description: The City of Oakland was targeted by a ransomware attack, after which Oakland continues to experience a network outage that has left several non-emergency systems, including phone lines within the City of Oakland, impacted or offline. The City appreciates the community's patience while workers from several departments collaborate to reduce interruptions and put in place workarounds to typical business procedures that enable the City to keep providing services. In addition to engaging with additional cybersecurity and technology companies on recovery and remediation efforts, the City's IT Department is collaborating with a top forensics firm to conduct a thorough incident response and investigation. With numerous local, state, and federal authorities participating, this inquiry is still ongoing. In order to address the problem, the City is creating a response strategy while adhering to industry best practises. ITD has taken affected systems offline out of an abundance of caution as they seek to secure and safely restore services. The public should anticipate delays from the City in the interim.

City of Oakland
Ransomware
Severity: 100
Impact: 5
Seen: 6/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: In 2023, the City of Oakland suffered a severe **ransomware attack** executed by the **Play ransomware group**, exposing the personal data of thousands of current and former **police officers and city employees**. Compromised information included **home addresses, medical records, and Social Security numbers**, which were leaked on the **dark web**. The attack crippled the city’s IT systems for **weeks**, disrupting essential government services and delaying critical operations, including **police misconduct investigations**. The breach led to a **class-action lawsuit** with over **10,000 plaintiffs**, resulting in settlements of **$175 per affected officer** and up to **$350 for other employees** who proved financial harm. The city also offered **three years of free credit monitoring**. An earlier **2022 audit** had warned of **cybersecurity vulnerabilities** due to **understaffing and resource shortages**, but no action was taken. The incident exposed systemic neglect in Oakland’s digital defenses, raising concerns about **identity theft risks**—especially for police in a **high-crime city**—and prolonged **operational disruptions** across municipal services.

City of Oakland
Ransomware
Severity: 100
Impact: 5
Seen: 4/2023
Rankiteo Explanation: Attack threatening the organization’s existence

Description: The Oakland ransomware attack in April 2023, which seriously disrupted city operations for weeks, was carried out by the LockBit ransomware gang. At first, the Play ransomware gang claimed responsibility for the attack, but LockBit later added the city to its list of leak locations.

City of Oakland
Ransomware
Severity: 100
Impact: 5
Seen: 5/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: The **City of Oakland** was targeted by the **Play ransomware group**, a threat actor known for its **double extortion model**, where stolen data is encrypted and threatened for public release if ransom demands are unmet. The attack likely involved **exploiting vulnerabilities in external-facing services (e.g., RDP, VPNs, FortiOS, or Microsoft Exchange)** or **stolen credentials** to gain initial access. Once inside, the attackers used tools like **AdFind, Grixba, Cobalt Strike, and Mimikatz** to escalate privileges, disable security software (e.g., Microsoft Defender via PowerShell scripts), and move laterally across the network. The ransomware variant deployed may have included **ESXi-targeting malware**, capable of **shutting down virtual machines and encrypting files with unique keys per file**, severely disrupting municipal operations. Given the city’s reliance on digital infrastructure for **public services, emergency response, and administrative functions**, the attack likely caused **operational outages, financial losses from recovery efforts, and potential leaks of sensitive citizen or employee data**. The Play group’s history of **data exfiltration and public leak threats** further amplifies reputational and legal risks for the city. Recovery efforts would involve **rebuilding encrypted systems, forensic investigations, and potential ransom negotiations**, with long-term impacts on trust in municipal cybersecurity.


Underwriter Stats for CO

Incidents vs Government Administration Industry Average (This Year)

City of Oakland has 53.85% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

City of Oakland has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types CO vs Government Administration Industry Avg (This Year)

City of Oakland reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — CO (X = Date, Y = Severity)

CO cyber incidents detection timeline including parent company and subsidiaries


CO Similar Companies

Ministry of Health Saudi Arabia

The Ministry of Health (MOH), by way of its objectives, policies and projects included in this strategy, seeks to accomplish a promising future vision; namely, delivering best-quality integrated and comprehensive healthcare services. Carrying health conditions or health status of Saudi inhabitants t

U.S. Department of Homeland Security

The Department of Homeland Security (DHS) has a vital mission: to secure the nation from the many threats we face. This requires the hard work of more than 260,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility in

Commonwealth of Massachusetts

Year after year, the Commonwealth of Massachusetts has continued to pioneer bold legislative actions and programs, some of which have been embraced on a national scale. We are always looking for talented individuals to help us maintain this momentum and improve the services that millions of people d

Welcome to the official LinkedIn page for the Federal Emergency Management Agency (FEMA). When disaster strikes, America looks to FEMA to support survivors and first responders in communities all across the country. This page provides career related information, job announcements and relevant updat

I work for NSW

The NSW public sector includes ten departments and many agencies and organisations working together to develop policy and deliver important services such as health, education, housing, transport and infrastructure across NSW. We are over 300,000 dedicated people who share the same values - making a

State of Florida

Join Florida’s talented workforce to fulfill your professional goals and achieve a meaningful career. Our talented public servants work hard to serve more than 19 million residents across Florida, and you, too, can realize success in the Sunshine State. Working in Florida’s state government mean

Malmö stad

Become a community builder: work at the City of Malmö! By working at the City of Malmö you get the opportunity to work with sustainable urban development. As a community builder you play an important role in Malmö's development, which is why we see ourselves as the workplace of the future. The equal worth of all people is a prerequisite fo

UWV

At UWV we work toward a society in which everyone can participate. We help people on their way to finding or keeping work. In case of illness, we look at what someone is still able to do. And when working is not possible, UWV quickly provides income. We expertly and efficiently carry out

City of Los Angeles

The City of Los Angeles employs more than 45,000 people in a wide range of careers. Visit our website for information on current openings, including regular civil service positions, exempt and emergency appointment opportunities, in addition to internships! The City of Los Angeles is a Mayor-Counci


CO CyberSecurity News

October 07, 2025 07:00 AM
Oakland, Calif., to Pay Police, Staff Whose Data Was Exposed

The city will make settlements to current and former police officers and workers whose personal information was compromised by a 2023...

August 14, 2025 07:00 AM
Water sector expands partnership with volunteer hackers

As threats to critical infrastructure grow and government funding stagnates, operators are turning to civic-minded volunteers from the...

July 11, 2025 07:00 AM
Oakland police chief blames 2023 ransomware attack for delay in Internal Affairs cases

OPD Chief Floyd Mitchell said the 2023 ransomware cybersecurity attack that crippled some of Oakland's information technology systems set IA...

July 02, 2025 07:00 AM
New York govts must now report if they pay a ransom demand, top ransom negotiator weighs in

New York passes legislation requiring local governments report if they've paid a ransom demand to their attackers.

June 26, 2025 01:36 PM
Police

The Oakland Police Department (OPD) is committed to reducing crime and serving the community through fair, quality policing.

June 26, 2025 01:26 PM
Information Technology

The Information Technology Department (ITD) is committed to providing sustainable and agile delivery of strategic and effective solutions to enhance...

June 16, 2025 07:00 AM
Getting a Job in Tech in Oakland in 2025: The Complete Guide

Oakland's tech job market in 2025 is booming with 8,000 new roles annually, focusing on data analysis, cloud computing, and cybersecurity.

May 07, 2025 07:00 AM
City of Oakland Agrees Settlement to Resolve Class Action Data Breach Lawsuit

The City of Oakland in California has agreed to settle litigation stemming from a ransomware attack and data breach that affected more than...

March 31, 2025 07:00 AM
‘A quiet storm’: City park could be renamed to honor Jacksonville trailblazer, Dr. Eartha White

A proposed bill to rename Oakland Park after Dr. Eartha White, a renowned philanthropist and humanitarian who left a lasting mark on the River City.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

CO CyberSecurity History Information

Official Website of City of Oakland

The official website of City of Oakland is http://oaklandca.gov.

City of Oakland’s AI-Generated Cybersecurity Score

According to Rankiteo, City of Oakland’s AI-generated cybersecurity score is 223, reflecting their Critical security posture.

How many security badges does City of Oakland have ?

According to Rankiteo, City of Oakland currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does City of Oakland have SOC 2 Type 1 certification ?

According to Rankiteo, City of Oakland is not certified under SOC 2 Type 1.

Does City of Oakland have SOC 2 Type 2 certification ?

According to Rankiteo, City of Oakland does not hold a SOC 2 Type 2 certification.

Does City of Oakland comply with GDPR ?

According to Rankiteo, City of Oakland is not listed as GDPR compliant.

Does City of Oakland have PCI DSS certification ?

According to Rankiteo, City of Oakland does not currently maintain PCI DSS compliance.

Does City of Oakland comply with HIPAA ?

According to Rankiteo, City of Oakland is not compliant with HIPAA regulations.

Does City of Oakland have ISO 27001 certification ?

According to Rankiteo, City of Oakland is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of City of Oakland

City of Oakland operates primarily in the Government Administration industry.

Number of Employees at City of Oakland

City of Oakland employs approximately 2,484 people worldwide.

Subsidiaries Owned by City of Oakland

City of Oakland presently has no subsidiaries across any sectors.

City of Oakland’s LinkedIn Followers

City of Oakland’s official LinkedIn profile has approximately 20,768 followers.

NAICS Classification of City of Oakland

City of Oakland is classified under the NAICS code 92, which corresponds to Public Administration.

City of Oakland’s Presence on Crunchbase

No, City of Oakland does not have a profile on Crunchbase.

City of Oakland’s Presence on LinkedIn

Yes, City of Oakland maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/oakland.

Cybersecurity Incidents Involving City of Oakland

As of November 29, 2025, Rankiteo reports that City of Oakland has experienced 6 cybersecurity incidents.

Number of Peer and Competitor Companies

City of Oakland has an estimated 11,172 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at City of Oakland ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Cyber Attack.

How does City of Oakland detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from cybersecurity and technology companies and a top forensics firm; containment measures (affected systems taken offline); communication strategy (community informed about potential delays; public notice issued; joint advisory by FBI/CISA/ACSC; public disclosure of IOCs and TTPs; public demands for transparency by the police officers' union; legal filings in a class-action lawsuit); law enforcement notification (relevant authorities were alerted); and remediation measures (settlement payouts of $175 for police officers and up to $350 for others; three years of free credit monitoring for plaintiffs).

Incident Details

Can you provide details on each incident ?

Incident : Ransomware

Title: Ransomware Attack on the City of Oakland

Description: The City of Oakland was targeted by a ransomware attack, leading to a network outage that has impacted several non-emergency systems, including phone lines. The City's IT Department is collaborating with cybersecurity and technology companies, as well as a top forensics firm, to conduct a thorough incident response and investigation. The inquiry is ongoing with local, state, and federal authorities participating.

Type: Ransomware

Incident : Ransomware

Title: Oakland Ransomware Attack

Description: The Oakland ransomware attack in April 2023, which seriously disrupted city operations for weeks, was carried out by the LockBit ransomware gang. At first, the Play ransomware gang claimed responsibility for the attack, but LockBit later added the city to its list of leak locations.

Date Detected: 2023-04

Type: Ransomware

Threat Actor: LockBit, Play

Incident : Ransomware

Title: Ransomware Attack on the City of Oakland

Description: The City of Oakland reported a ransomware attack that affected its systems, leading to potential delays in city services. The City's primary operations were unaffected, but an unauthorized entity obtained a number of files and threatened to make the information publicly available.

Type: Ransomware

Incident : Malware

Title: City of Oakland Malware Incident

Description: The City of Oakland experienced a cybersecurity incident involving malware affecting some personal information of individuals.

Date Detected: 2023-02-06

Date Publicly Disclosed: 2023-03-30

Type: Malware

Incident : ransomware

Title: Play Ransomware Group Targets 900 Organizations Since 2022

Description: A joint advisory from the US and Australian authorities (FBI, CISA, and ASD’s ACSC) reports that the Play ransomware group has compromised approximately 900 organizations over the past three years (since June 2022). The group employs a double extortion model, stealing data and encrypting systems, then threatening to publish the data if ransom demands (paid in cryptocurrency) are not met. Initial access is gained via stolen credentials or exploits in FortiOS, Microsoft Exchange, RDP, VPNs, and a newly disclosed SimpleHelp vulnerability (CVE-2024-57727). Tools like AdFind, Grixba, Cobalt Strike, and Mimikatz are used for reconnaissance, lateral movement, and privilege escalation. The group also deploys an ESXi variant that shuts down VMs before encryption. Notable victims include the City of Oakland, Rackspace, and Royal Dirkzwager.

Date Detected: 2022-06-01

Date Publicly Disclosed: 2025-06-06

Type: ransomware

Attack Vector: stolen credentials; exploitation of known vulnerabilities (FortiOS, Microsoft Exchange, CVE-2024-57727 in SimpleHelp); external-facing services (RDP, VPNs); phishing (implied via credential theft)

Vulnerability Exploited: FortiOS (unspecified CVEs); Microsoft Exchange (unspecified CVEs); CVE-2024-57727 (SimpleHelp remote code execution); external-facing RDP/VPN misconfigurations

Threat Actor: Play Ransomware Group

Motivation: financial gain; data theft for extortion

Incident : ransomware

Title: City of Oakland Ransomware Attack (2023)

Description: The city of Oakland suffered a ransomware attack in 2023, orchestrated by the Play ransomware group. The attack disrupted city services for weeks, exposed sensitive personal information (including home addresses, medical records, and Social Security numbers) of over 10,000 current and former employees, and led to a class-action lawsuit. The city agreed to settlements, offering $175 to affected police officers and up to $350 to other employees demonstrating financial losses, along with three years of free credit monitoring. The incident highlighted systemic cybersecurity vulnerabilities, including understaffing and inadequate safeguards, as warned in a 2022 audit.

Type: ransomware

Threat Actor: Play ransomware group

Motivation: financial gain; data theft

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through stolen credentials, exploited vulnerabilities (FortiOS, Microsoft Exchange and SimpleHelp), and RDP/VPN.

Impact of the Incidents

What was the impact of each incident ?

Incident : Ransomware CIT6316223

Systems Affected: Non-emergency systems; Phone lines

Downtime: Ongoing

Operational Impact: Delays in city services

Incident : Ransomware CIT34928823

Downtime: weeks

Operational Impact: seriously disrupted city operations

Incident : Ransomware CIT183681023

Data Compromised: Files obtained from the network

Operational Impact: Potential delays in city services

Incident : Malware OAK233072625

Data Compromised: Personal Information

Incident : ransomware OAK825090225

Downtime: True

Incident : ransomware OAK3702437100825

Data Compromised: Home addresses, Medical information, Social security numbers, Personally identifiable information (PII)

Systems Affected: city government technological systems; police department investigations

Downtime: weeks to months

Operational Impact: disruption of basic city services; delays in officer misconduct investigations; extended federal oversight of Oakland Police Department

Brand Reputation Impact: loss of trust in city government; public scrutiny over cybersecurity neglect

Legal Liabilities: class-action lawsuit with over 10,000 plaintiffs; settlements for affected employees

Identity Theft Risk: high (data sold on dark web)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, PII, Home Addresses, Medical Information and Social Security Numbers.

Which entities were affected by each incident ?

Incident : Ransomware CIT6316223

Entity Name: City of Oakland

Entity Type: Government

Industry: Public Sector

Location: Oakland, California

Incident : Ransomware CIT34928823

Entity Name: City of Oakland

Entity Type: Government

Industry: Public Sector

Location: Oakland

Incident : Ransomware CIT183681023

Entity Name: City of Oakland

Entity Type: Government

Industry: Public Administration

Location: Oakland, CA

Incident : Malware OAK233072625

Entity Name: City of Oakland

Entity Type: Government

Industry: Public Administration

Location: Oakland, California

Incident : ransomware OAK825090225

Entity Name: City of Oakland

Entity Type: government

Industry: public administration

Location: Oakland, California, USA

Incident : ransomware OAK825090225

Entity Name: Rackspace

Entity Type: private

Industry: cloud services

Location: USA

Incident : ransomware OAK825090225

Entity Name: Royal Dirkzwager

Entity Type: private

Industry: maritime logistics

Location: Netherlands

Incident : ransomware OAK3702437100825

Entity Name: City of Oakland

Entity Type: municipal government

Industry: public administration

Location: Oakland, California, USA

Customers Affected: 10,000+ (current and former employees, including police officers)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Ransomware CIT6316223

Third Party Assistance: Cybersecurity And Technology Companies, Top Forensics Firm.

Containment Measures: Affected systems taken offline

Communication Strategy: Community is informed about potential delays

Incident : Ransomware CIT183681023

Law Enforcement Notified: Relevant authorities were alerted

Containment Measures: Affected systems taken offline

Communication Strategy: Public notice issued

Incident : ransomware OAK825090225

Incident Response Plan Activated: True

Communication Strategy: joint advisory by FBI/CISA/ACSC; public disclosure of IOCs and TTPs

Incident : ransomware OAK3702437100825

Remediation Measures: settlement payouts ($175 for police officers, up to $350 for others); three years of free credit monitoring for plaintiffs

Communication Strategy: public demands for transparency by police officers' union; legal filings (class-action lawsuit)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through cybersecurity and technology companies and a top forensics firm.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Ransomware CIT183681023

Data Exfiltration: Files obtained from the network

Incident : Malware OAK233072625

Type of Data Compromised: Personal Information

Incident : ransomware OAK825090225

Data Encryption: True

Incident : ransomware OAK3702437100825

Type of Data Compromised: PII, home addresses, medical information, Social Security numbers

Number of Records Exposed: 10,000+

Sensitivity of Data: high

Data Exfiltration: yes (data sold on dark web)

Personally Identifiable Information: yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: settlement payouts ($175 for police officers, up to $350 for others), three years of free credit monitoring for plaintiffs.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by taking affected systems offline.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware CIT34928823

Ransomware Strain: LockBit, Play

Incident : Ransomware CIT183681023

Data Exfiltration: Files obtained from the network and threatened to be made publicly available

Incident : ransomware OAK825090225

Ransom Demanded: True

Ransomware Strain: Play (including Windows and ESXi variants)

Data Encryption: True

Data Exfiltration: True

Incident : ransomware OAK3702437100825

Ransomware Strain: Play

Data Encryption: yes (systems held hostage)

Data Exfiltration: yes

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : ransomware OAK825090225

Regulatory Notifications: FBI, CISA, ACSC (joint advisory)

Incident : ransomware OAK3702437100825

Legal Actions: class-action lawsuit (led by Hada Gonzalez), settlement agreement filed in May 2024

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through class-action lawsuit (led by Hada Gonzalez), settlement agreement filed in May 2024.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : ransomware OAK3702437100825

Lessons Learned: Public agencies are highly vulnerable to ransomware due to understaffing and inadequate cybersecurity safeguards., Proactive audits (e.g., 2022 report) can forewarn of risks, but require action to mitigate threats., Data breaches in high-crime areas (e.g., Oakland) amplify risks to personal safety, especially for law enforcement., Transparency and communication with affected stakeholders (e.g., unions, employees) are critical post-incident.

What recommendations were made to prevent future incidents ?

Incident : ransomware OAK3702437100825

Recommendations: Invest in cybersecurity staffing and resources to address audit findings. Implement robust backup and recovery systems to minimize downtime. Enhance monitoring for dark web activity to detect exfiltrated data early. Establish clear incident response protocols, including legal and PR strategies for breaches. Provide identity theft protection and support for affected individuals, particularly in high-risk roles (e.g., police).

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Public agencies are highly vulnerable to ransomware due to understaffing and inadequate cybersecurity safeguards. Proactive audits (e.g., 2022 report) can forewarn of risks, but require action to mitigate threats. Data breaches in high-crime areas (e.g., Oakland) amplify risks to personal safety, especially for law enforcement. Transparency and communication with affected stakeholders (e.g., unions, employees) are critical post-incident.

References

Where can I find more information about each incident ?

Incident : Malware OAK233072625

Source: California Office of the Attorney General

Date Accessed: 2023-03-30

Incident : ransomware OAK825090225

Source: SecurityAffairs

Date Accessed: 2025-06-06

Incident : ransomware OAK825090225

Source: Joint Advisory by FBI, CISA, and ACSC

Date Accessed: 2025-05-01

Incident : ransomware OAK3702437100825

Source: The News Station (TNS)

Incident : ransomware OAK3702437100825

Source: Oakland City Audit (2022)

Incident : ransomware OAK3702437100825

Source: Class-action lawsuit filings (Hada Gonzalez et al.)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: California Office of the Attorney General (accessed 2023-03-30); SecurityAffairs (accessed 2025-06-06); Joint Advisory by FBI, CISA, and ACSC (accessed 2025-05-01); The News Station (TNS); Oakland City Audit (2022); and Class-action lawsuit filings (Hada Gonzalez et al.).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Ransomware CIT6316223

Investigation Status: Ongoing

Incident : Ransomware CIT183681023

Investigation Status: Inquiry started into the occurrence

Incident : ransomware OAK825090225

Investigation Status: ongoing (as of June 2025)

Incident : ransomware OAK3702437100825

Investigation Status: resolved (settlements distributed in 2024)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: community is informed about potential delays, public notice issued, joint advisory by FBI/CISA/ACSC, public disclosure of IOCs and TTPs, public demands for transparency by police officers' union, and legal filings (class-action lawsuit).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : ransomware OAK825090225

Stakeholder Advisories: FBI, CISA, ACSC.

Incident : ransomware OAK3702437100825

Stakeholder Advisories: Oakland Police Officers' Union demanded transparency and criticized city leadership. Attorney Scott Cole (plaintiffs' representative) highlighted systemic neglect in cybersecurity.

Customer Advisories: Three years of free credit monitoring offered to class-action plaintiffs.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: FBI, CISA, ACSC; Oakland Police Officers' Union demanded transparency and criticized city leadership; Attorney Scott Cole (plaintiffs' representative) highlighted systemic neglect in cybersecurity; three years of free credit monitoring offered to class-action plaintiffs.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : ransomware OAK825090225

Entry Point: Stolen credentials, exploited vulnerabilities (FortiOS, Microsoft Exchange, SimpleHelp), RDP/VPN

Incident : ransomware OAK3702437100825

High Value Targets: Employee PII, city government systems

Data Sold on Dark Web: Employee PII, city government systems

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : ransomware OAK825090225

Root Causes: Poor credential hygiene, unpatched vulnerabilities (FortiOS, Microsoft Exchange, SimpleHelp), insecure RDP/VPN configurations, lack of detection for recompiled ransomware binaries

Incident : ransomware OAK3702437100825

Root Causes: Staffing and resource constraints (per 2022 audit), lack of cybersecurity safeguards compared to private sector, delayed response and remediation

Corrective Actions: Financial settlements and credit monitoring for victims, ongoing federal oversight of Oakland Police Department due to investigative delays

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as cybersecurity and technology companies, top forensics firm.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: financial settlements and credit monitoring for victims, ongoing federal oversight of Oakland Police Department due to investigative delays.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: A ransom was demanded in the last incident (recorded as True); no amount is given.

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were LockBit, Play and the Play ransomware group.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-04.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-06-06.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were files obtained from the network, personal information, home addresses, medical information, Social Security numbers and personally identifiable information (PII).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were non-emergency systems, phone lines, city government technological systems and police department investigations.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity and technology companies and a top forensics firm.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was taking affected systems offline.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, medical information, home addresses, Files obtained from the network, personally identifiable information (PII) and Personal Information.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0K.

Ransomware Information

What was the highest ransom demanded in a ransomware incident ?

Highest Ransom Demanded: A ransom was demanded in a ransomware incident (recorded as True); no amount is given.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was class-action lawsuit (led by Hada Gonzalez), settlement agreement filed in May 2024.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Transparency and communication with affected stakeholders (e.g., unions, employees) are critical post-incident.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Enhance monitoring for dark web activity to detect exfiltrated data early. Implement robust backup and recovery systems to minimize downtime. Invest in cybersecurity staffing and resources to address audit findings. Establish clear incident response protocols, including legal and PR strategies for breaches. Provide identity theft protection and support for affected individuals, particularly in high-risk roles (e.g., police).

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are SecurityAffairs; Class-action lawsuit filings (Hada Gonzalez et al.); The News Station (TNS); Oakland City Audit (2022); California Office of the Attorney General; and Joint Advisory by FBI, CISA, and ACSC.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: FBI, CISA, ACSC; Oakland Police Officers' Union demanded transparency and criticized city leadership; Attorney Scott Cole (plaintiffs' representative) highlighted systemic neglect in cybersecurity.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was three years of free credit monitoring offered to class-action plaintiffs.

Initial Access Broker

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were poor credential hygiene, unpatched vulnerabilities (FortiOS, Microsoft Exchange, SimpleHelp), insecure RDP/VPN configurations, lack of detection for recompiled ransomware binaries, staffing and resource constraints (per 2022 audit), lack of cybersecurity safeguards compared to private sector, and delayed response and remediation.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were financial settlements and credit monitoring for victims, and ongoing federal oversight of Oakland Police Department due to investigative delays.

Latest Global CVEs (Not Company-Specific)

Description

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.

Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).

Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint.

Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description

Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.

Description

Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=oakland' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.