California Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
California.jpg
 

Public Safety

Azusa Police Suffered a Ransomware Attack. City Kept It a Secret.

Breach Type – Unknown, Ransomware

Los Angeles Times

  • In the most recent attack, the police were not locked out of their computers, instead, the suspected assailants, a group known as DoppelPaymer, announces in early March that they had copied huge amounts of data and would release it on the so-called dark web if a ransom wasn’t paid
  • DoppelPaymer, demanded 15.5 bitcoin, which was worth about $800,000 at the time according to city manager
  • When the ransom deadline passed, the hackers placed 7 gigabytes of Azusa data online. The materials included negative files, including recordings of witness interviews, a gang database and arrest reports, and office payroll data. As of Monday, the index page for the data had received more than 11,000 views
Read More

 
Azusa Police Computers Hit by Ransomware Attack

Breach Type – Unknown, Ransomware

SGV Tribune

  • Azusa police fell victim to a ransomware attack and the suspect got access to information in the department’s computers
  • Azusa police fell victim to a ransomware attack and the suspect got access to information in the department’s computers
  • Police haven’t arrested anyone yet and haven’t determined how many people were affected by the security breach. The department has no evidence of actual or attempted misuse of the information
  • Police said this information may have included Social Security numbers, driver’s license numbers, California ID numbers information on financial accounts or health insurance
Read More

 
San Diego Law Enforcement Coordination Center, State of California

Breach Type – Hacking, Data Breach

CBS 8

  • Thousands of bulletins were posted online in a recent BlueLeaks release
  • Some bulletins released contained information regarding public schools
  • Other releases contained very private and important information
Read More

 
The Joint Regional Intelligence Center, Los Angeles County

Breach Type – Hacking, Data Breach

Wired

  • Over one million sensitive law enforcement files were released following cyberattack
  • Bad actors dumped a collection of 269 gigabytes of data
  • Officials advised that much of the information originated in law enforcement fusion centers
Read More

 
Union City Government Systems, Alameda County

Breach Type – Unknown, Malware

ABC 7 News

  • Union City computer system taken offline over weekend due to viral cyberattack
  • Officials stated that attack was not ransomware, but was unsure how long systems would be affected
  • City official was unsure exactly what type of virus, but that IT had discovered it
Read More

 
City of Lodi & Lodi Police Department, San Joaquin County

Breach Type – Phishing, Ransomware

Gov Tech

  • City of Lodi victim of cyber attack that affected phone lines and financial systems
  • Ransomware encrypted critical files, knocking out numerous phone lines
  • Ransom demanded 75 bitcoin, city refused to pay and rebuilt systems instead
Read More

 
City of Los Angeles Personnel Department, Los Angeles County

Breach Type – Hacking, Data Breach

NBCLosAngeles

  • City of Los Angeles Personnel Department victim of data breach
  • Hacker stated they stole information of 20,000 individuals, many LAPD officers
  • Data included names, birthdates, partial social security numbers, and e-mails
Read More

 
City of Banning & Banning Police Department, Riverside County

Breach Type - Unknown, Ransomware

Record Gazette

  • City officials advised they were attacked by Ryuk ransomware virus
  • Officials further stated that all files on all computers have been inaccessible
  • No ransom demands were discovered, Police Department systems restored first
Read More

 
Port of San Diego & San Diego Harbor Police Department, San Diego County

Breach Type - Ransomware

The San Diego Union-Tribune

  • Port of San Diego targeted by highly sophisticated ransomware attack
  • Attack additionally impacted the San Diego Harbor Police Department
  • The police department is forced to use alternative technology systems as a result
  • Port has placed public safety systems on high priority for restoration
Read More

 
San Benito Government & Public Safety Systems, San Benito County

Breach Type - Malware

BenitoLink

  • County systems down for more than a week due to malware attack
  • Critical & Public safety services interrupted
  • “Pen & paper” techniques implemented to continue functionality
  • Remains unknown how virus infiltrated network
  • San Benito Co. Sheriff’s Office restoration made priority
Read More

 
Calaveras Co. & Sheriff's Office

Breach Type - Hack

Times Union

  • Hacked to display pro-islamic state
  • ISIS Propaganda
  • Team System Dz takes credit
Read More

 
BACK TO TOP

Local Government

Hacker Attempt to Poison Water Supply in San Francisco Bay Area

Breach Type – Hacking

NBC News

  • On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn't seem hard.
  • The hacker had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.
  • After logging in, the hacker, whose name and motive are unknown and who hasn't been identified by law enforcement, deleted programs that the water plant used to treat drinking water.
  • The hack wasn't discovered until the following day, and the facility changed its passwords and reinstalled the programs.
  • No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report, which did not specify which water treatment plant had been breached, noted.
Read More

 
California City Computer System Down for Weeks In Ransomware Attack

Breach Type – Unknown, Ransomware

KGET

  • California City’s mayor said, computer system has been down since around late May following a ransomware attack and an emergency meeting is scheduled tonight to discuss the issue
  • No demands have been made since the server was attacked sometime between May 26 and June 1. City employees haven’t been able to use email or other computer resources
Read More

 
Sacramento City Suffers from Data breach on ParkMobile App

Breach Type – Hacking, Data Breach

ABC 10

  • The Sacramento Public Works Department is warning residents of a data breach on its ParkMobile parking app from March 2021. Department officials say the breach occurred due to a vulnerability in a third-party software used in the ParkMobile app. Some general account information was accessed in the breach, including license plate numbers, email addresses, and phone numbers
  • Officials say a small percentage of cases also included home mailing addresses. Encrypted passwords were also obtained in the breach, but department officials say the encryption keys required to view the passwords was not accessed
  • The Public Works Department said it also notified the appropriate law enforcement authorities about the breach
Read More

 
Santa Clara Valley Transportation Authority, Santa Clara County

Breach Type – Unknown, Ransomware

Patch

  • Bad actors are threatening to dump stolen data if demands are not met
  • Buses and light rails remain operational
  • An investigation is ongoing
Read More

 
El Monte City Hall servers, Los Angeles County

Breach Type – Unknown, Malware

San Gabriel Valley Tribune

  • El Monte PD and the Los Angeles County Sheriff's department are investigating unauthorized access to city hall servers
  • Internet and business lines were not interrupted by the attack
  • The city is planning to replace email servers out of an abundance of caution
Read More

 
CA DMV Vendor-Automatic Funds Transfer, State of California

Breach Type – Unknown, Ransomware

KCRA

  • The California Department of Motor Vehicles announced that a third-party company it utilizes experienced a security breach
  • It is unclear at this time if any DMV information was compromised from the attack
  • Data possibly exposed included records of include, names, addresses, license plate numbers and vehicle identification numbers
Read More

 
Yuba County

Breach Type – Unknown, Ransomware

Yahoo! News

  • Yuba County was recent victim of ransomware cyberattack
  • Attack encrypted systems, bad actors demanded payment
  • County took steps to isolate affected systems
Read More

 
City of Shafter, Kern County

Breach Type – Unknown, Ransomware

23 ABC News

  • Public statement was made about cities system being compromised
  • A post was made on Instagram stating the IT system appears to be frozen locked
  • No information appears to be stolen at this time, city officials are working with federal law enforcement to determine source
Read More

 
Madera County’s Court Website, Madera County

Breach Type - Hacking, Other

ABC 30

  • The county’s court website was targeted and changed to be a portal for pornography and prostitution
  • This redirect exposes any visitors to a Turkish escort related services page
  • Once the problem was noticed a new web address was issued as the data from the original website remains lost
Read More

 
San Francisco Employee's Retirement System, San Francisco County

Breach Type – Data Breach, Unknown

Bleeping Computer

  • A third party had accessed test environment servers with over 74,000 customer's information
  • Information exposed is said to not contain social securities or bank information but does contain potentially compromising information
  • Information could fuel further data breaches and potentially phishing scams
Read More

 
San Francisco International Airport, San Francisco County

Breach Type – Hacking, Data Breach

Bleeping Computer

  • Airport websites were hacked in data breach by bad actors
  • Bad actors placed malware onto websites to data mine credentials
  • Officials believed that members of public may have been affected as well
Read More

 
City of Torrance, Los Angeles County

Breach Type - Unknown, Malware

ABC 7

  • Email accounts were stopped following an attack on the city's servers
  • Some business operations have been stalled but communication remains open
  • No personal data was reported as compromised at this time
Read More
Tripwire

  • Bad actors erased city backups, encrypted hundreds of devices
  • Over 200 GB of files was also reportedly stolen during cyberattack
  • Data was ransomed for 100 bitcoin, equivalent to $700,000
Read More

 
Los Angeles County Government Systems, Los Angeles County

Breach Type – Phishing, Malware

Tech Wire

  • Numerous county employees received malware-laden emails
  • IT staff were able to contain the malware and prevented data exposure
  • County had previously been victim of similar attack and took precautionary measures
Read More

 
Contra Costa County Library & County Administrative Offices, Contra Costa County

Breach Type – Unknown, Ransomware

CCCLIB

  • Network outage caused by ransomware cyberattack
  • IT personnel disabled all servers hit in attack
  • Officials believed no personal information had been leaked
Read More

 
City of Seal Beach, Orange County

Breach Type – Unknown, Ransomware

Sun News

  • Ransomware cyberattack against city government targeted IT provider
  • Bad actors encrypted city's computers with ransomware
  • Email and voicemails were affected while emergency services were not
Read More

 
Fresno County & Fresno Council Of Governments (COG), Fresno County

Breach Type – Hacking, Ransomware

GV Wire

  • Thousands of files were locked by bad actors from Russia
  • Local government refused to pay ransom and lost affected files
  • COG forced to utilize new internet provider due to attacks
Read More

 
City of Galt, Sacramento County

Breach Type – Unknown, Ransomware

CBS Sacramento

  • Communications affected in cyberattack on city systems
  • Bad actors managed to place ransomware on network
  • Officials believed personal information was not leaked
Read More

 
Cucamonga Valley Water District, San Bernardino County

Breach Type – Hacking, Data Breach

Data Breaches

  • Online payment service, Click2Gov, used in data breach
  • Officials believed, but were uncertain, that credit card information was collected
  • Officials attempted to reassure the public that the situation was under control
Read More

 
City of San Marcos, San Diego County

Breach Type – Hacking, Malware

7 San Diego

  • Cyber attack leaves city employees without communications
  • IT officials disabled portions of computer network to mitigate attack
  • Officials stated that government files were secured
Read More

 
City of Livermore, Alameda County  

Breach Type – Unknown, Malware

 
   
Patch
 
 
  • California city hit with malware cyberattack, affected city hall computer systems
  • Officials discovered that virus had sent unauthorized emails from city accounts to residents
  • The unauthorized emails included an attachment in an effort to spread the virus further
  Read More
     
Patch
 
 
  • Emergency services remained operational, city email system and some phone lines were down
  • City, county, and state officials continued to work on restoring computer services
  • Officials commented that progress had been made, portions of network brought back online
  Read More
   

 
 
California Reimbursement Enterprises, Los Angeles County

Breach Type – Phishing, Data Breach

Health IT Security

  • Over 14,000 patient's information likely leaked after employee fell victim to phishing cyberattack
  • IT staff detected unusual activity and utilized third-party forensics team to assist investigation
  • Company provided billing service and eligibility for healthcare organizations throughout California
Read More

 
City of Bakersfield, Kern County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Bakersfield one of the eight cities impacted
Read More

 
Contra Costa County Elections Office, Contra Costa Co.

Breach Type - Phishing, Ransomware

Mercury News

  • Contra Costa County elections office hit by cyber phishing attack
  • Phishing e-mail used in attack led to point of origin being in Russia
  • Malware involved was likely ransomware, no data was compromised
Read More

 
Imperial County Website System, Imperial County

Breach Type - Unknown, Ransomware

LA Times

  • Imperial County website hacked from exterior source
  • Network was attacked by Ryuk ransomware
  • Ransomware demanded payment in bitcoin, county refused payment
Read More

 
Orange County Sanitation District, Orange County

Breach Type - Phishing, Data Breach

OCRegister

  • Over 1,000 employees were notified as their information was assessed following a phishing scheme
  • The district was notified after files noting a compensation fund were accessed within NFP Corp.
  • Employees were told to enroll in a fraud watch over their credit following this attack
Read More

 
California Department of Consumer Affairs

Breach Type - Malware

Sacramento Bee

  • California Department of Consumer Affairs suffered malware attack
  • 50 workstations affected, and computer networks disrupted
  • Despite entire network being shut down, consumers were still able to visit its website
Read More

 
City of Bakersfield, Kern County

Breach Type - Other, Data Breach

Bakersfield

  • Cyber security incident compromised personal & financial information of those who used Click2Gov online payment
  • City investigated & discovered an unauthorized party inserted a code into the Click2Gov system
  • The code found was designed to capture payment card data
  • A total of 2,400 user accounts may have been affected
Read More

 
City of Thousand Oaks, Ventura County

Breach Type - Other, Data Breach

Thousand Oaks Acorn

  • City of Thousand Oaks’ online bill-pay service has been compromised for the second time in the past year
  • Damage is extremely limited
  • Customer contacted City Hall about a credit card fraudulently used elsewhere
  • Suspicious file found on the server by City’s vendor
  • Immediately, server taken offline
Read More

 
City of Indio, Riverside County

Breach Type - Other, Data Breach

StateScoop

  • City of Indio residents fall victim to data breach
  • Vulnerability in Click2Gov software exposes payment cards used online
  • The payment cards and some private information was exposed
  • No illicit activity has impacted residents yet
Read More

 
Congressional District Democratic Candidate’s Campaign Website

Breach Type - Other/TDoS/DDoS

Rolling Stone

  • California Democrat Bryan Caforio fell victim to DDoS attacks, known as Hulk attacks, which shut down his campaign website for 21 hours during the primary election season
  • Voters were unable to access campaign website, learn information on the candidate, and unable to donate to his campaign as a result
  • Cyber experts believe the attacks were launched using AWS server space
  • Department of Homeland security was notified by the campaign and willing to launch investigation into the repeated incidents
Read More

 
City of Morgan Hill, Santa Clara County

Breach Type - Other/Data Breach

Morgan Hill Times

  • Hundreds of Morgan Hill employees’ financial information exposed
  • W-2 Summary report accessed by hackers
  • 480 former & current city employees affected in hack
Read More

 
City of Oxnard, Ventura County

Breach Type - Other/Data Breach

KEYT 3

  • Data breach compromised personal information of Oxnard's online utility payers
  • Vulnerability in city's software allowed hackers to gain confidential information
  • City of Oxnard shut down system to implement additional security measures
Read More

 
City of Pasadena

Breach Type - Phishing

Pasadena Now

  • City employee email accounts compromised through phishing scheme
  • Hackers use access to accounts to send out fraudulent emails to city contacts
  • City immediately disabled accounts & changed passwords of all city employees
  • Advising residents/associates to take caution when opening emails from city
Read More

 
City of Thousand Oaks, Ventura County

Breach Type - Other/Data Breach

California Office of Attorney General

  • Unauthorized actor potentially gained access to City vendor
  • Click2Gov online payment system contained credit card transactions
  • Those potentially affected, advised to review payment card account statements closely
Read More

 
California State Election System

Breach Type - Hacking

NBC News

  • Claims websites were affected & scanned
  • Claims hacks were not directly related to voting
  • Want to take preventative measures for next election
Read More

 
Sausalito City Government

Breach Type - Phishing

KQED News

  • Current and former Sausalito government employees had W2 info exposed
  • 147 employees affected
  • City notified IRS, FBI, & California Franchise Tax Board
  • Sausalito Police Department investigating the breach
Read More

 
City of Alameda Website

Breach Type - Cryptojack/Other

WCCF Tech

  • Over 4,200 victims hijacked to mine Monero cryptocurrency
  • Secretly hijacked using compromised plug-in called "Browsealoud"
  • Though sites were affected for hours, no user data was affected/compromised
Read More

 
California Voter Registry

Breach Type - Ransomware

SC Magazine

  • Unprotected MongoDB server
  • Database has been deleted by cyber criminals
  • Ransom note demanding 0.2 bitcoin ($2,325.01 at time of discovery)
  • 19.2 million voter records stored in server
Read More

 
Stanislaus Co.

Breach Type - Cryptojack/Other

KCRA

  • Behavioral health and recovery services computer network compromised by ransomware
  • Stanislaus Co. has mitigated ransomware attacks in past
  • Shut down and quarantined infected networks
  • All behavioral health recovery services remain available to patients
Read More
The Modesto Bee

  • Hackers demanded $65,000 in bitcoin
  • County does not intend to pay ransom
Read More

 
City of Sacramento, Sacramento Co.

Breach Type - Phishing, Data Breach

City of Sacramento IT Department

  • City compromised by unknown source
  • City employment applicants affected in data breach
Read More
Sacramento Business Journal

  • Cyber attack potentially compromised 550 job applicants
  • 2017 breach result of "very creative" phishing scam
Read More

 
Los Angeles Superior Court Employees

Breach Type - Phishing

Washington Times

  • 500 employees received fraudulent emails
  • Emails led to fake websites asking for account credentials
  • Less than a dozen employees fell for phishing scam
  • 31 year old Texas Resident responsible for hack
Read More

 
Sacramento Regional Transit

Breach Type - Ransomware

Sacramento Bee

  • Hackers demand $8,000 ransom
  • Attack erased necessary computer programs affecting internal operations
  • Determined that no data was stolen
Read More

 
City of Oceanside, San Diego County

Breach Type - Other, Data Breach

California Office of Attorney General

  • Costumer payment card compromised through City of Oceanside’s Utility Bill Payment Services
  • City contracted with cybersecurity expert to investigate
  • Malicious code had infiltrated the vendor supported online payment system
Read More

 
Los Angeles County Board of Supervisors

Breach Type - Hack

SCV News

  • Website homepage displayed pro-ISIS propaganda
  • 1 of 4 U.S. websites hacked the same way
  • Team System Dz claims responsibility for attack
Read More

 
Los Angeles County

Breach Type - Hack

Fox News

  • Possible exposure of 750,000+ personal data
  • Nigerian hacker identified as Kevin Onaghinor
  • Phishing email deceived 108 county officials into entering email and passwords
  • There has been no evidence that confidential information was breached
Read More

 
San Francisco's Municipal Transportation Agency

Breach Type - Ransomware

ARS Technica

  • Crypto-ransomware infects Muni system networks
  • Hacker asks for $73,000
  • Hacker gave email address associated with Mamba and HDDCryptor
  • No information was compromised and systems returned to regular operations
Read More
NY Times

  • SFMTA states they never considered paying the ransom
  • Malware infected systems through an email link
Read More

 
Yuba City

Breach Type - Ransomware

Appeal Democrat

  • Attacked by ransomware virus, IT department quickly tracked and shut down network
  • 4 of 350 computers infected with the virus
  • No data lost or compromised, hacker was not paid ransom
Read More

 
Los Angeles County Health Department

Breach Type - Ransomware

LA Times

  • Remnants of ransomware thread on five computers
  • Operations not affected
  • County is aggressive in preventing cyber attacks
Read More
Data Breaches

  • County did not pay ransom
Read More

 
BACK TO TOP

Medical

Over 420,000 Compromised in Health Plan Email Hack

Breach Type – Hacking, Data Breach

DataBreaches.net

  • On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020
  • HPSJ sent out notifications and notified the Maine Attorney General’s Office of the incident, reporting that, “the information that could have been subject to unauthorized access includes name, address, and Social Security number.”
  • Although the health plan says they do not know for sure what was possibly accessed or viewed, those being notified were offered 12 months of credit monitoring
  • 420,433 have been sent notifications of this incident, which has not (yet) shown up on HHS’s public breach tool. The notification to regulators does not indicate how many employee email accounts were compromised, and whether they were all compromised by phishing or some other method
Read More

 
Scripps Health, San Diego County

Breach Type – Unknown, Ransomware

La Jolla Light

  • Ransomware attack occured on May 1
  • The health system's four main hospitals are exclusively operating with paper records
  • There is currently no system restoration timeline that has been made public
Read More

 
Remedy Medical Group, San Mateo County

Breach Type – Phishing, Data Breach

Data Breaches

  • Vendor Administrative Advantages observed suspicious activity on an employee email account in July 2020
  • Compromised information includes, but is not limited to, names, SSNs, financial account information, driver’s license and/or state identification numbers, credit and/or debit card information, birth dates, passport numbers, electronic signature information, username and password information, Medicare numbers, Medicaid numbers, and health insurance information
  • AA is unaware of any misuse of compromised information
Read More

 
Health Net, Los Angeles County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Data from parent company Centene was compromised during Clop ransomware attack on Accellion
  • Compromised information includes, but is not limited to, birth dates, insurance numbers, and addresses
  • 1,236,902 members of Health Net affected in the breach
Read More

 
Stanford University Medical School, Santa Clara County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Threat actors likely accessed health information
  • Breach occurred in third-party vendor's infrastructure
  • Threat actors claimed to have published links to download medical information online
Read More

 
Sutter Buttes Imaging Medical Group, Sutter County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Healthcare provider forced to notify patients following cyberattack
  • Bad actors likely accessed protected, and private, health information
  • Breach occurred in third-party vendor's infrastructure
Read More

 
Sonoma Valley Hospitals, Sonoma County

Breach Type – Unknown, Malware

Becker's Hospital Review

  • Healthcare provider disabled computer network following cyberattack
  • Systems were taken offline to mitigate damage
  • Officials stated that emergency services remained available
Read More
Sonoma Sun

  • Officials confirmed that ransomware was used in cyberattack
  • Hospital refused to pay ransom demanded by bad actors
  • Patient information was likely compromised
Read More
Becker's Hospital Review

  • Nearly 67,000 patients had records exposed following ransomware attack
  • Third-party IT specialists were contacted for assistance
  • Leaked information included names, dates of birth, addresses, and private medical information
Read More

 
Rady Children's Hospital, San Diego County

Breach Type – Unknown, Data Breach

Fox 5

  • Names, addresses, and other private medical information was accessed
  • Hospital offered steps on protecting personal information, as well as credit monitoring
  • Affected individuals were encouraged to reach out directly to the healthcare provider
Read More

 
Sonoma Valley Hospitals, Sonoma County

Breach Type – Unknown, Malware

Becker’s Hospital Review

  • Sonoma Valley Hospital reported that bad actors were able to render computer systems offline for nearly two weeks
  • The security incident was identified on October 11th and had rendered the computer systems offline
  • Computer systems are still not fully restored, and the hospital is unable to post anything medical related to its patient portal
Read More

 
Amphastar Pharmaceuticals, San Bernardino County

Breach Type – Unknown, Ransomware

Data Breaches

  • Bad actors uploaded private files following ransomware cyberattack
  • Officials stated they would refuse to pay any ransom demand
  • Company utilized computer backups to restore lost data
Read More

 
Salinas Valley Memorial Healthcare System, Monterey County

Breach Type – Phishing, Data Breach

Becker's Hospital Review

  • Private health information exposed during cyberattack
  • Employee account had been compromised via elaborate phishing scheme
  • 786 individuals had information leaked
Read More

 
Central California Alliance for Health, Merced, Santa Cruz, and Monterey Counties

Breach Type – Phishing, Data Breach

Merced Sunstar

  • The Health alliance had notified the public that it had discovered a data breach within its network systems
  • It was unknown if the exposed information had been misused by bad actors
  • Following the discovery of the suspicious activity an investigation was launched and termination of the employee email accounts ensued
Read More

 
American Medical Technologies, Orange County

Breach Type – Phishing, Data Breach

Becker's Hospital Review

  • AMT had publicly released that thousands of patients information had been exposed
  • The company which tends to senior care discovered the activity on an employee email account
  • The information of almost 50,000 patients was exposed including social security numbers, medical records and more
Read More

 
Electronic Waveform Lab, Orange County

Breach Type – Unknown, Ransomware

Markets Insider

  • Third party IT firm and law enforcement notified following cyberattack
  • IT personnel were able to restore data from backups without issue
  • Officials advised that they would take additional precautions in the future
Read More

 
Stockdale Radiology, Kern County

Breach Type - Unknown, Ransomware

Data Breaches

  • Patient file sample sent to third party following ransomware hit
  • Healthcare center was victim of cyberattack, data was locked
  • Bad actors accessed restricted and confidential information
Read More
Data Breaches

  • Ransomware used in cyberattack against healthcare provider
  • Bad actors exposed and publicly shared illegally obtained information
  • Officials discovered numerous files that had been accessed
Read More

 
Golden Valley Health Centers, Merced County

Breach Type – Phishing, Data Breach

Data Breaches

  • Patient information possibly exposed in cyberattack
  • Health center notified potentially affected patients
  • Officials confirmed health center would take extra precautions
Read More

 
Vibrant Care Rehabilitation

Breach Type - Phishing, Data Breach

Data Breaches

  • Over 1,600 patients were contacted following bad actors accessing an employee's email account exposing patient information
  • The information varied from email to email exposing different patients to different severities of potential threat
  • It is unknown if the has been any illegal use of the information accessed following the attack
Read More

 
Rady’s Children Hospital, San Diego County

Breach Type - Hacking, Data Breach

Data Breaches

  • Open port left on network was likely to have permitted data breach
  • Bad actors accessed private patient information on servers
  • Third party IT firm utilized in investigation and restoration
Read More

 
Enloe Medical Center, Butte County

Breach Type - Unknown, Ransomware

Action News Now

  • Healthcare facility's network data encrypted in cyberattack
  • Bad actors used ransomware in the hit
  • Officials remained unsure when services would be restored
Read More

 
Adventist Health Simi Valley, Ventura County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review

  • Healthcare facility was victim of phishing cyberattack
  • Bad actor redirected payments in attempt to steal
  • Officials confirmed no other systems affected
Read More

 
PIH Health, Los Angeles County

Breach Type – Phishing, Data Breach

Data Breaches

  • Health provider employee email accounts breached
  • Bad actors tricked employees using phishing scheme
  • Patient private and medical information likely stolen
Read More

 
Wood Ranch Medical, Ventura County  

Breach Type – Unknown, Ransomware

 
   
Data Breaches
 
 
  • California medical facility hit with ransomware attack causing business to permanently cease operations
  • Cyberattack encrypted all patient healthcare information in database
  • Potentially leaked information includes names, dates of birth, medical insurance information
  Read More
     

 
 
Marin Community Clinics, Marin County

Breach Type - Unknown, Ransomware

Marinij

  • A cyber attack on Marin systems rendered clinics without computers until the following Friday afternoon
  • In an attempt to regain services an unknown amount of ransom was paid out following advice of a network operator
  • In order to maintain normal operations all staff resorted to using paper and it was expected there was no data lost
Read More

 
Shingle Springs Health and Wellness Center, El Dorado County

Breach Type - Unknown, Ransomware

HIPAA Journal

  • Over 20,000 patients were potentially exposed due to a ransom attack that occurred
  • The center is attempting to repair and update the systems following a new server installation
  • The attack may have been an attempt to gain money on the attackers side with private information as another potential extort
Read More

 
Podiatric Offices of Bobby Yee, Monterey County

Breach Type - Ransomware

Data Breaches

  • Podiatric Offices of Bobby Yee fell victim to ransomware attack
  • Unauthorized alteration and potential corruption of private patient data
  • No evidence surfaced that data was exfiltrated
Read More

 
National Ambulatory Hernia Institute, Orange County

Breach Type - Phishing, Ransomware

Data Breaches

  • Malicious email address delivers Gamma ransomware attack to National Ambulatory Hernia Institute server
  • Some private patient data potentially accessible by hackers
  • All data has since been moved to an off-site server and steps have been taken to eliminate future breach
  • Robust firewall and antivirus services purchased to combat future threats
Read More

 
Guardant Health, San Mateo County

Breach Type - Phishing, Data Breach

San Francisco Business Times

  • Hackers obtain private patient data
  • Guardant Health fell victim to phishing scheme
  • 1,100 patients potentially affected by breach
Read More

 
San Francisco Institute on Aging, San Francisco County

Breach Type - Phishing, Data Breach

California Department of Justice

  • Hackers access Institute on Aging Employee email account
  • Account contained private health and financial data of patients
  • At least 3,907 residents of California potentially affected in data breach
Read More

 
Center for Orthapaedic Specialists

Breach Type - Ransomware

DataBreaches

  • Center has three locations in CA – all affected in cyber attack
  • Hackers infected the main server with ransomware
  • Informed 85,000 current and former patients of potential data breach
  • Notified law enforcement & offered identity protection to those possibly affected
Read More

 
Sangamo Therapeutics, Inc.

Breach Type - Hack

DataBreaches

  • Senior executive's email account compromised
  • Sangamo notified federal law enforcement about breach
  • Personal information accessed and may be compromised
Read More

 
White & Bright Dental

Breach Type - Hack

Office of Attorney General

  • White & Bright notifies patients on breach of computer server with sensitive information
  • All personal information of patients could have been accessed
  • Advises those potentially affected to be vigilant of their data &provides credit monitoring
Read More

 
Ron’s Pharmacy Services, San Diego County

Breach Type - Hack

Ron's Pharmacy Services

  • Hack affected employee email account of Ron's Pharmacy Services
  • Hackers viewed limited information contained in account
  • No Social Security numbers or private financial information accessed
Read More

 
Community Memorial Health System

Breach Type - Phishing

VC Star

  • Email phishing scam leads to security breach
  • 959 patients’ personal information potentially accessed
  • Agency offering affected individuals free identity protection/credit monitoring services
  • Security measures taken and employees given additional training
Read More

 
University of California, Davis Health

Breach Type - Phishing

Healthcare IT News

  • Davis Health employee fell victim to phishing scheme
  • Hackers able to access & obtain patient PHI
  • 15,000 patients potentially affected in breach
Read More

 
East Valley Community Health Center

Breach Type - Ransomware

HIPAA Journal

  • Center notifies 65,000 patients of potential breach following ransomware attack
  • Limited data potentially accessed not including financial information
  • Ransomware variant known as Troldesh/Shade
  • Preventative steps taken to reduce likelihood of future attacks
Read More

 
Bay Sleep Clinic

Breach Type - Accidental Data Breach

DataBreaches

  • Clinic offers video monitoring of patients
  • Did not properly secure a camera and video footage of a patient could be viewed by anyone
  • Miscellaneous source reported to DataBreaches the video was on insecam.com
  • DataBreaches reached out to Bay Sleep Clinic with urgency, did not receive a response
Read More

 
USC Keck and Norris Hospitals

Breach Type - Ransomware

Keck Medicine

  • Ransomware discovered on two servers
  • Attack isolated to avoid spread to other servers
  • Fully remediated situation, restored data from encrypted folders to servers
  • No ransom paid
  • As a precaution: notified patients whose health or other personal data was in affected folders
Read More

 
Yuba-Sutter Medical Clinic

Breach Type - Ransomware

DataBreaches

  • Notifies patients ransomware attack took place in early August
  • Regained access quickly and no data was lost
  • Experienced some delays in accessing internal information
  • No personal information released or exfiltrated
Read More

 
Marin Medical Practices Concepts

Breach Type - Ransomware

Mercury News

  • Paid a ransom to regain access to data
  • Amount of paid ransom remains unknown
  • Declined to say whether law enforcement was involved
  • No evidence that patients’ data was accessed
Read More

 
State Health Insurance Website

Breach Type - Security Vulnerabilities

AP News

  • Federal investigators found significant cyber security vulnerabilities
  • Vulnerabilities could enable hackers to access a wealth of sensitive personal data
  • Weaknesses found by Government Accountability Office
  • Officials in California said there is no evidence hackers have stolen anything
Read More

 
BACK TO TOP

Education

Visalia Unified School District Hit by Ransomware Attack

Breach Type – Unknown, Ransomware

YourCentralValley.com

  • The Visalia Unified School District announced Tuesday it has been the victim of a “ransomware” attack that impacted the operation of the district’s IT systems
  • The district said many IT systems are offline until further notice and that local and federal law enforcement have been notified and are aware of the incident
Read More

 
University of California, Los Angeles County

Breach Type – Hacking, Data Breach

The Hill

  • University data was compromised through the ransomware attack on Accellion
  • Compromised information includes names, birth dates, SSNs, and bank account information.
  • Investigation is ongoing
Read More

 
Newhall School District, Los Angeles County

Breach Type – Unknown, Ransomware

CBS Los Angeles

  • School forced to cancel online classes following ransomware cyberattack
  • Officials reported that bad actors disabled their network
  • Legal team and insurance provider were consulted following attack
Read More

 
Selma Unified School District, Fresno County

Breach Type – Unknown, Ransomware

KMPH Fox 26

  • School district computer network hit in ransomware cyberattack
  • IT personnel took precautionary measures and had the network shut down
  • Officials remained uncertain as to total damage caused by the attack
Read More

 
Rialto School District, Los Angeles County

Breach Type – Unknown, Malware

Infosecurity Magazine

  • Virtual classes were forced to shut down following cyberattack
  • IT personnel remained diligent in their efforts to restore the network
  • Students with school-assigned devices were encouraged to return them for cleaning
Read More

 
Imperial Valley College, Imperial County

Breach Type – Unknown, Ransomware

Calexico Chronicle

  • Telephone systems were taken out following ransomware cyberattack
  • Bad actors managed to shut down phones and additional unknown systems
  • Officials continued to investigate the attack, remained unsure if personal information was leaked
Read More

 
Cal State Northridge, Los Angeles County

Breach Type – Unknown, Data Breach

OC Register

  • Bad actor was unsuccessful in placing ransomware over cloud hosting software for Cal State
  • No sensitive information was exposed but ransomware was still paid by cloud hosting service
  • Customers affected were notified promptly of potential exposure
Read More

 
Carpinteria Unified School District (CUSD), Santa Barbara County

Breach Type – Unknown, Ransomware

Coastal View

  • School district's network taken out in ransomware cyberattack
  • District reported $90,000 in damage according to superintendent
  • IT personnel were praised for quick action, school to file insurance claim
Read More

 
University of California San Francisco, San Francisco County

Breach Type – Unknown, Ransomware

Ed Scoop

  • Bad actors used ransomware in cyberattack against college
  • Screenshots of leaked information were posted to a blog
  • Third party cybersecurity professionals and law enforcement have been contacted
Read More
Data Breaches

  • UCSF IT officials stated they identified and ceased unauthorized access to network
  • Officials further stated they had been working closely with FBI
  • School system has not publicly confirmed which ransomware they were hit with
Read More
Data Breaches

  • School officials decided to pay ransom of nearly $1.4 million to bad actors
  • IT personnel worked closely with third party cyber professionals
  • Officials believed patient medical records remained intact
Read More

 
California School Districts, State of California

Breach Type – Hacking, Data Breach

Identity Theft Resource Center

  • Software that affects over 600 schools suffered a data breach following a unauthorized access into accounts
  • It had been discovered that both student and parent information was exposed such as login information addresses and more
  • Due to the nature of the network if bad actors gain access to any email account they can potentially access other accounts like financial or social media
Read More

 
San Dieguito Union High School District, San Diego County

Breach Type – Phishing, Data Breach

NBC 7 San Diego

  • Bad actor's likely accessed personal information during data breach
  • Investigations confirmed breach occurred in summer of 2019
  • Officials uncertain about accessed information, likely included SSN, ID numbers
Read More

 
Mountain View-Los Altos Union High School District, Santa Clara County

Breach Type – Unknown, Ransomware

Bitcoinist

  • Bitcoin demanded during ransomware cyberattack
  • District credit cards used by bad actors after attack
  • Bad actors likely originated in Russia or China
Read More

 
Panama-Buena Vista School District, Kern County

Breach Type – Unknown, Ransomware

Turn To 23

  • Teaches left unable to deliver report carts after cyberattack
  • Ransomware was utilized by bad actors to affect school systems
  • Federal authorities investigated the cyberattack
Read More

 
Pittsburgh Unified School District, Contra Costa County

Breach Type – Unknown, Ransomware

Data Breaches

  • Law enforcement and IT providers investigated ransomware attack
  • Affected servers taken offline, phone systems remained functional
  • Officials believed no private information was stolen
Read More

 
Tulare Joint Union High School District, Tulare County

Breach Type – Unknown, Ransomware

Visalia Times Delta

  • Administrative and financial information was target of ransomware cyberattack
  • Officials advise that no financial or student information was taken
  • School district outsourced IT assistance from third party
Read More

 
San Bernardino City Unified School District, San Bernardino County

Breach Type – Unknown, Ransomware

KTLA 5

  • Ransomware cyberattack forced school district to resort to older methods
  • Officials confirmed that student and parent information was unaffected
  • School was unable to utilize email system until issue resolved
Read More

 
Sylvan Unified School District, Stanislaus County

Breach Type - Unknown, Malware

Modbee

  • The school district put in a ticket for an attack launched against their computer system
  • Costs were easily over $100,000 in attempts to repair systems in over 10 schools
  • Staff were unable to use basic network features and report cards and state testing were delayed
Read More

 
Carmel Unified School District, Monterey County

Breach Type - Phishing, Data Breach

Data Breaches

  • Carmel Unified School District successfully attacked by phishing
  • Acquired documents potentially included SS numbers, marriage certificates, birth certificates, and other sensitive documentation
  • School District stated they would improve data security going forward
Read More

 
Centinela Valley Union High School District, Los Angeles County

Breach Type - Phishing, Data Breach

Data Breaches

  • Sensitive W2 employee information may have been compromised
  • Hackers disguised phishing email as one from inside of the school district
  • IRS and federal law enforcement has been contacted regarding this incident
Read More

 
San Diego Unified School District, San Diego County

Breach Type - Phishing, Data Breach

News Week

  • Hackers gathered network access log-in information from staff
  • Used log-in information to access district’s network services, including the district student database
  • Personal data may have been compromised
Read More

 
Sacramento State University, Sacramento County

Breach Type - Phishing, Other

State Hornet

  • Sacramento State reported 350+ compromised accounts due to phishing attack
  • Malicious IP addresses originated in the United Kingdom
  • Students and staff advised to update university account credentials
Read More

 
Ygnacio Valley High School, Contra Costa County

Breach Type - Phishing

KTVU

  • High school student uses phishing scheme to infiltrate Mount Diablo Unified School District IT Network
  • Sent phishing scheme to teachers & the teachers entered account credentials into malicious website
  • Student changed grades of multiple students
Read More

 
Long Beach City College

Breach Type - Hack

Long Beach Post

  • Technology systems down due to malware
  • Employee email system down & enrollment/payment software for students down
  • Classes continue despite attack
Read More

 
Ventura County's Office of Education

Breach Type - Hack

VC Star

  • Websites of numerous school districts went offline
  • 7 total websites down
  • Websites hacked with pro-ISIS propaganda
  • Part of multiple website hacks of government/education across United States
Read More

 
Los Angeles Valley College

Breach Type - Ransomware

Bleeping Computer

  • Hackers gave one-week deadline for ransom money
  • District Board agreed to use money in their cyber insurance funds
  • Los Angeles Community College District paid $28,000 ransom
Read More

 
Kern County Superintendent of Schools

Breach Type - Phishing

DataBreaches

  • Kern County payroll department fell victim to phishing scam
  • Employees notified same day of breach
  • Personal information of more than 2,500 employees starting in 2015, was breached
Read More

 
BACK TO TOP