Social Security Numbers and Medical Info Checked, City Confirms
More details of a widespread data breach in the city of Grass Valley, Calif., Revealed that information from employees, citizens and others had been copied and transferred to another network.
A statement from the city council had previously confirmed that it had experienced “unauthorized access” to its systems between April 13 and July 1, 2021.
An investigation has now determined the extent of the attack, revealing that the malicious actor had transferred files outside of the city’s network, including financial and personal information of “individuals associated with Grass Valley.”
Learn more about the latest news on data breaches
Data accessible from records belonging to Grass Valley employees – including former employees, spouses, dependents, and individual vendors – includes names and one or more of the following: social security numbers, limited driver’s license and medical or health insurance information.
For individual salespeople who were hired by the city, names and social security numbers were consulted.
According to city officials, the breach may also have impacted people whose information was provided to the Grass Valley Police Department, as well as loan seekers who requested funds from the Grass Valley Community Development Department. Valley.
YOU CAN LIKE New York attorney general reports 1.1 million online accounts compromised by credential jamming attacks
Grass Valley said it began informing those affected on January 7 and alerted relevant authorities, including law enforcement.
The city also offers free credit monitoring services to anyone affected by the breach.
“Grass Valley sincerely regrets that this incident has occurred and apologizes for any inconvenience or concerns,” he noted.
“To prevent this kind of thing from happening again, Grass Valley continues to review its systems and take steps to improve existing security protocols. “
ADVISED Prosecutors lay additional charges against former Uber security chief for ‘covering up’ 2016 data breach