Police association files suit against City of Oakland after data breach

Oakland City Hall on December 5, 2017 in Oakland, California. (Photo by Justin Sullivan/Getty Images)

Posted: Apr 3, 2023 / 02:53 PM PDT

Updated: Apr 3, 2023 / 02:53 PM PDT

OAKLAND, Calif. (KRON) — After a data breach led to the release of personal information of city employees in early March, the Oakland Police Officers’ Association has filed a claim against the City of Oakland on behalf of all its members, according to court documents obtained by KRON4.

The claim was filed on March 30, 52 days after the ransomware attack. The POA is asking for reimbursement of damages suffered by its members after the city’s “failure to protect its employees’ personal data by refusing to maintain adequate information security systems,” the OPOA wrote in press release.

The documents filed by the OPOA state that the city’s failure to secure its information systems is well documented. An annual report presented to the City Council in March 2022 laid out “weaknesses” within the city’s information security. Some of the challenges listed include outdated policies, lack of risk assessment, lack of testing and a failure to adequately staff and fund the information technology security teams.

The claim documents also reveal new details about the outcome of the personal data release on March 3. Multiple POA members had addresses, social security numbers, drivers license and passport numbers, as well as bank account information released in the breach. Several POA members were soon notified by credit-monitoring companies that credit cards were being fraudulently opened in their names.

KRON On is streaming now

The claim argues that because the City of Oakland knew about the security deficiencies and failed to improve them, the city is responsible for the breach. The claim also argues that because POA members were required to provide certain private data for employment, that meant the city was obligated to protect that private data from unauthorized disclosure. They say because the city failed, the POA is also seeking a claim for breach of contract.

The monetary damages amount is not finalized, but the paperwork shows the POA believes the damages will be in excess of $25,000. The group is also seeking assistance with credit monitoring services and identity theft insurance for its group members.