Cyber Incident Victim: City of Oakley
Date: Feb 2024
Location: United States of America
Summary
The City of Oakley experienced a ransomware attack disrupting municipal operations, prompting its IT division to collaborate with law enforcement and cybersecurity experts to investigate and mitigate the incident. Emergency services remained functional, but non-emergency services faced delays as affected systems were taken offline for security restoration. A local state of emergency was declared, partially activating the Emergency Operations Center while response efforts followed industry protocols to safely recover services.
Description
On February 22, 2024, the City of Oakley publicly disclosed it had experienced a ransomware attack earlier that day. The city’s Information Technology Division immediately initiated an investigation to determine the scope and severity of the incident, collaborating with law enforcement agencies and external cybersecurity professionals. In response to the attack, the City Manager declared a local state of emergency, reflecting the seriousness of the disruption. The city partially activated its Emergency Operations Center to coordinate recovery efforts while adhering to industry-standard incident response protocols. Critical emergency services—including 9-1-1 dispatch, police, fire, and ambulance operations—remained fully functional and were not compromised by the attack. As a precautionary measure, IT personnel took affected systems offline to contain potential threats and prevent further unauthorized access. This action formed part of a broader strategy to safely secure infrastructure before restoring services systematically.

The disruption caused delays in non-emergency municipal operations, though the city did not specify which departments or systems were most impacted. Officials advised residents to anticipate service interruptions while restoration work continued, emphasizing that updates would be provided as new information emerged. No ransom demand details, attacker identities, or data compromise specifics were disclosed publicly. The city maintained its focus on developing a structured recovery plan without confirming an estimated timeline for full resolution. Ongoing monitoring of systems and coordination with cybersecurity partners remained active priorities throughout the response phase.
