As the California city had barely recovered from the devastating ransomware attack just weeks ago, another hacker group has hit hard at the city of Oakland’s data infrastructure.

The LockBit gang has listed the city of Oakland in its victim blog on the dark web and has given the Oakland City Council until April 10 to negotiate the ransom.

If the city officials do not respond, the threat actors have warned that “all available data will be published.”

However, the Russia-based hacker gang has yet to reveal solid proof of any stolen data from the servers of the Oakland City administration.

The hacker group, which has been active since 2019, struck a few weeks after the Oakland city council disclosed that it had fallen victim to a cyberattack by the Play ransomware group in February.

In a multi-part RAR archive totaling 10GB in size, the leaked data comprised confidential documents, employee details, passports, and IDs.

Confirming the cyberattack by the Play ransomware group, an Oakland City council member confirmed that they “are aware that an unauthorized party has released some of the information acquired from our network” and stated that the “findings to date indicate that an unauthorized actor accessed computer systems where certain individuals’ personal information was stored as part of their employment with the city.”

Employees who were affected by the breach were informed that their personal information, including names, addresses, Social Security numbers, and driver’s license numbers, was among the data that was stolen from the compromised systems.

LockBit may have leveraged this information to carry out its latest attack.

It is common for cybercriminals to use stolen data in phishing attacks, where the victims are tricked into downloading malware from a seemingly legitimate source.