UPDATED 19:41 EDT / MARCH 06 2023

SECURITY

Ransomware gang releases data stolen from the City of Oakland

Data stolen in a ransomware attack on the City of Oakland in February has been released online after the city refused to pay the ransom demanded.

The ransomware attack occurred on Feb. 8, knocking some of the city’s information technology systems offline. A state of emergency was then declared on Feb. 16 following what the city described as ongoing network outages caused by the attack. The attack did not affect 911 services, but certain nonemergency systems were forced offline.

A month after the attack, the Play ransomware group, which first emerged in August following an attack on Argentina’s Judiciary of Córdoba, has started releasing the stolen files.

The San Francisco Chronicle reported today that the trove of data includes 12 years of city rosters and personally identifiable information of thousands of current and former city employees. The information includes Social Security numbers, driver’s license numbers, dates of birth and home addresses, including the details of current Mayor Sheng Thao and former Mayor Libby Schaaf.

Other records leaked include hundreds of police misconduct allegations and scanned bank accounts. The Chronicle noted that city employees are concerned that the leaked data could result in identity theft.

It’s unclear from Play’s leak site on the dark web, the shady corner of the internet accessible with special software, if there are further files to be released. Media reports suggest that the data dump was a first release, which is not unusual, since ransomware gangs like to pressure victims to pay up, but the gang’s leak site only mentions that data has been published (pictured).

“Unfortunately, the escalation from ransomware to data leak is an increasingly common playbook for ransomware gangs, as another way to try to extort money from successful compromise of data access,” Claude Mandy, chief evangelist for data security at hybrid cloud data security solution firm Symmetry Systems Inc., told SiliconANGLE.

“We would love to see more detailed analysis released in due course on the technical details of the ransomware and data breach before speculating on what occurred,” Mandy added. “Like a lot of organizations in similar unfortunate positions, the city seems to be reliant on a thorough and costly forensic investigation post the breach to determine what information the gang was successful in exfiltrating, leaving impacted residents waiting to hear whether their information was involved.”

Darren Guccione, co-founder and chief executive of cybersecurity software provider Keeper Security Inc., said the Oakland data leak serves as yet another reminder of why everyone must make cybersecurity a priority in the digital era.

“Current and former employees of the City of Oakland should take proactive steps to protect themselves from cybercriminals who may aim to use their personal information for identity theft and targeted attacks,” Guccione warned.

Images: City of Oakland, Play News
