A cyber-attack on a town in California has resulted in the exfiltration of own and economic data belonging to suppliers, metropolis employees, and their spouses.
A information security incident notice published by the Metropolis of Grass Valley states that an unfamiliar attacker was ready to accessibility some of the city’s IT methods for 4 months past year.
The city explained that the attacker exploited the unauthorized accessibility they relished among April 13 and July 1 2021, to steal knowledge belonging to an unspecified range of people today.
Victims impacted by the info breach contain Grass Valley workforce, previous personnel, spouses, dependents, and specific vendors hired by the town. Other victims incorporate men and women whose details may possibly have been provided to the Grass Valley Police Division and folks whose data was supplied to the Grass Valley Community Advancement Division in personal loan application files.
The statement does not reveal the date on which the existence of the danger actor was detected by Grass Valley but claims that the town “immediately took steps to secure our network, contacted legislation enforcement, and commenced an investigation with the aid of a cybersecurity agency.”
A assessment of which data files had been accessed by the threat actor and what details experienced been compromised was concluded on December 1. Details uncovered in the course of the attack was discovered to include social security figures, driver’s license quantities, vendor names and minimal health care or wellness insurance coverage data.
For persons whose information might have been offered to the Grass Valley Law enforcement Section, the impacted info integrated the identify and just one or extra of the subsequent: social security amount, driver’s license range, fiscal account information and facts, payment card data, restricted healthcare or overall health insurance policies facts, passport variety and username and password credentials to an online account.
All those who had used for a neighborhood growth bank loan might have had names and Social Security quantities, driver’s license numbers, economic account numbers, and payment card figures compromised.
Grass Valley started out notifying victims of the details breach on January 7 2022.
The town reported: “To assistance reduce something like this from taking place again, we keep on to overview our techniques and are using steps to improve our existing security protocols.
Some parts of this write-up are sourced from: