A cyber-attack on a town in California has resulted in the exfiltration of private and fiscal info belonging to vendors, city personnel, and their spouses.
A knowledge security incident notice published by the City of Grass Valley states that an unfamiliar attacker was able to access some of the city’s IT units for 4 months past calendar year.
The metropolis mentioned that the attacker exploited the unauthorized obtain they savored involving April 13 and July 1, 2021, to steal info belonging to an unspecified number of persons.
Victims influenced by the data breach include Grass Valley staff, former workforce, spouses, dependents, and person suppliers employed by the city. Other victims incorporate folks whose details may well have been provided to the Grass Valley Police Section, as well as folks whose information was presented to the Grass Valley Group Progress Office in bank loan application documents.
The statement does not reveal the date on which the presence of the risk actor was detected by Grass Valley but promises that the town “promptly took techniques to protected our network, contacted regulation enforcement, and commenced an investigation with the support of a cybersecurity agency.”
A evaluate of which files had been accessed by the risk actor and what data experienced been compromised was concluded on December 1. Data exposed for the duration of the attack was uncovered to consist of Social Security quantities, driver’s license quantities, seller names, and constrained healthcare or wellness coverage data.
For individuals whose info might have been presented to the Grass Valley Police Division, the impacted knowledge bundled identify and a single or much more of the following: Social Security variety, driver’s license quantity, economical account data, payment card data, limited clinical or wellness insurance policy details, passport selection, and username and password qualifications to an online account.
All those who had utilized for a community enhancement loan may possibly have had names and Social Security numbers, driver’s license figures, economical account numbers, and payment card numbers compromised.
Grass Valley begun notifying victims of the details breach on January 7, 2022.
The metropolis mentioned: “To enable stop something like this from taking place once again, we continue to evaluate our techniques and are using actions to enrich our existing security protocols.”
Some pieces of this write-up are sourced from: