California Cyber Attacks


Public Safety

San Bernardino County Sheriff's Department shuts down internet systems following recent cyberattack

Breach Type – Phishing, Ransomware

ABC 7 News

  • “More than two weeks after the San Bernardino County Sheriff's Department was hit with a cyberattack, the department is still working to get all of its systems back online.”
  • “Multiple sources have told Eyewitness News that the hack likely started after someone clicked a hyperlink that was malicious, and that suddenly encrypted many of the department's systems.”
  • “The sheriff's department was able to recover the data, but out of precaution they shut down most of its systems, including email, internet and many computers in the department's vehicles just to make sure there were no more security threats.”
  • "Public safety operations have not been affected," the department said in a statement.
Silicon Valley

  • "San Bernardino County acknowledged this week that it has paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system. For weeks, the county said little publicly about the hack, other than to call it a “network disruption.”"
  • “…the city said that it was a subcontractor of the company Water Works uses for customer care and billing solutions that noticed the problems on its servers.”
  • "David Wert, a county spokesman, said the county had anticipated such a computer invasion and had taken out insurance. He said that of the $1.1 million payout, the county’s share was $511,852 and that the insurance company paid the rest."
  • “Sheriff Shannon Dicus said Wednesday that the cyberattack did not compromise public safety but workarounds were required for certain tasks. For instance, he said, deputies could not access the California Law Enforcement Telecommunications System, which can tell deputies when a person is wanted for crimes elsewhere in the country. So deputies would request other agencies check the CLETS records.”
 
Ransomware group threatens to post files stolen from Oakland, Calif., Alameda County

Breach Type – Unknown, Ransomware

OaklandSide.org

  • ”The city’s call center for non-emergency services, OAK311, is experiencing an outage. Concerns are being raised over the city of Oakland’s ability to respond to weather-related issues due to a recent ransomware attack that’s made some key services inoperable."
  • "One system that’s experiencing a partial outage is the Oakland’s call center for reporting non-emergency requests for service, OAK311. Normally available via phone or the web, OAK311 is the main place for residents to report damage caused by weather like downed trees, flooding, and landslides.”
  • “The OAK311 phone system is experiencing a temporary outage. Oakland’s public information officer told The Oaklandside the outage is related to the cyberattack that has shut down many of the city’s non-emergency systems. 311 reports can still be made online, however.”
State Scoop

  • "A ransomware group that claimed responsibility for an incident last month that upended government operations in Oakland, California, now says it intends to publish data stolen from city as soon as March 4th, according to a notice published on an extortion site this week.”
  • “The group, known as Play, announced its intentions Thursday, claiming that data stolen from the municipal network includes “private and personal confidential data, financial, gov, etc. IDs, passports, employee full info, human rights violation information,” according to a screenshot of the group’s leak site.”
  • "Oakland officials first observed a network disruption Feb. 8, shutting down numerous internal and external computer systems, causing many city bureaus to suspend services, including applications related to public information, collecting payments, issuing permits and processing reports. The incident is under investigation by state and federal law enforcement agencies, and the city has also brought in private investigative and recovery firms.”
  • ”Several functions that had been knocked offline by the ransomware incident, including Oakland’s 311 line, permit applications and contracting opportunities, were brought back this week, but several others remain down, including online business tax filings, parking ticket payments and online permit payments. City officials’ latest update Friday also acknowledged the new threat to leak city data.”
  • ”The Play group, which made public its involvement in the Oakland incident Thursday, emerged last June, leaving its victims with simple, one-word ransom notes bearing its name.”
 
Personal Data Exposed in Cyber Attack on Modesto, Calif., PD, Stanislaus County

Breach Type – Unknown, Ransomware

MODBEE.com

  • "The Modesto police department has been hacked in recent days by ransomware, multiple sources with direct knowledge of the incident told The Bee late Wednesday.”
  • "While the extent of the damage is not fully known, the cybersecurity breach has disabled patrol vehicle laptops, causing officers to resort to “old school policing.” Since the attack, officers must write down the details of the calls they receive from dispatch rather than receiving them through electronic communication.”
  • ”Modesto officials would not confirm the attack Wednesday after but issued a statement Wednesday afternoon after The Bee inquired about the matter. The city is conducting an investigation with leading cybersecurity experts after it “recently detected suspicious activity on (its) digital network,” according to the statement.”
  • ”Modesto is “experiencing limited connectivity to some systems. Our ability to facilitate city services including emergency service and answer 911 calls is fully operational. We thank our residents for their patience and understanding,” according to the statement.”
  • ”Modesto said in its statement that it “strategically disconnected portions of (its) network out of an abundance of caution.” One of the sources said Modesto officers can be heard on police scanners telling dispatch when they are transporting suspects to jail or asking for their next call after completing their current one. These communications had been done by computer before the attack.”
GovTech

  • "Modesto confirmed Thursday that the Feb. 3 security breach of its Police Department's digital network was a ransomware attack and said that a number of people's personal information, including Social Security and driver's license numbers, may have been accessed.”
  • "Beginning next week, the City of Modesto will begin notifying individuals via U.S. mail that may have been impacted by this unauthorized access and provide them with complimentary credit monitoring services," according to a city news release.
  • The release states the city's investigation "determined that a limited amount of information was accessed during this incident."
  • ”He said Modesto disconnected its Police Department's digital network from the rest of the city's network. He said only the Police Department's network was affected by the incident.”
 
Computers Are Down For Sebastopol Police, Sonoma County

Breach Type – Unknown, Malware

KSRO

  • “Sebastopol Police are looking into a computer system failure at the department.”
  • “Officers are now resorting to using pens and paper on the job, and the nature of the computer system crash is unknown according to officials.”
  • “Experts are working on repairing the system, but officials say the department remains fully operational.”
 
Azusa Police Suffered a Ransomware Attack. City Kept It a Secret.

Breach Type – Unknown, Ransomware

Los Angeles Times

  • In the most recent attack, the police were not locked out of their computers; instead, the suspected assailants, a group known as DoppelPaymer, announced in early March that they had copied huge amounts of data and would release it on the so-called dark web if a ransom wasn’t paid
  • DoppelPaymer demanded 15.5 bitcoin, which was worth about $800,000 at the time, according to the city manager
  • When the ransom deadline passed, the hackers placed 7 gigabytes of Azusa data online. The materials included negative files, including recordings of witness interviews, a gang database and arrest reports, and office payroll data. As of Monday, the index page for the data had received more than 11,000 views
 
Azusa Police Computers Hit by Ransomware Attack

Breach Type – Unknown, Ransomware

SGV Tribune

  • Azusa police fell victim to a ransomware attack and the suspect got access to information in the department’s computers
  • Police haven’t arrested anyone yet and haven’t determined how many people were affected by the security breach. The department has no evidence of actual or attempted misuse of the information
  • Police said this information may have included Social Security numbers, driver’s license numbers, California ID numbers, information on financial accounts or health insurance
 
San Diego Law Enforcement Coordination Center, State of California

Breach Type – Hacking, Data Breach

CBS 8

  • Thousands of bulletins were posted online in a recent BlueLeaks release
  • Some bulletins released contained information regarding public schools
  • Other releases contained very private and important information
 
The Joint Regional Intelligence Center, Los Angeles County

Breach Type – Hacking, Data Breach

Wired

  • Over one million sensitive law enforcement files were released following cyberattack
  • Bad actors dumped a collection of 269 gigabytes of data
  • Officials advised that much of the information originated in law enforcement fusion centers
 
Union City Government Systems, Alameda County

Breach Type – Unknown, Malware

ABC 7 News

  • Union City computer system taken offline over weekend due to viral cyberattack
  • Officials stated that the attack was not ransomware, but were unsure how long systems would be affected
  • A city official was unsure exactly what type of virus it was, but said that IT had discovered it
 
City of Lodi & Lodi Police Department, San Joaquin County

Breach Type – Phishing, Ransomware

Gov Tech

  • City of Lodi victim of cyber attack that affected phone lines and financial systems
  • Ransomware encrypted critical files, knocking out numerous phone lines
  • Ransom demanded 75 bitcoin, city refused to pay and rebuilt systems instead
 
City of Los Angeles Personnel Department, Los Angeles County

Breach Type – Hacking, Data Breach

NBCLosAngeles

  • City of Los Angeles Personnel Department victim of data breach
  • Hacker stated they stole information of 20,000 individuals, many LAPD officers
  • Data included names, birthdates, partial social security numbers, and e-mails
 
City of Banning & Banning Police Department, Riverside County

Breach Type – Unknown, Ransomware

Record Gazette

  • City officials advised they were attacked by Ryuk ransomware virus
  • Officials further stated that all files on all computers have been inaccessible
  • No ransom demands were discovered, Police Department systems restored first
 
Port of San Diego & San Diego Harbor Police Department, San Diego County

Breach Type – Ransomware

The San Diego Union-Tribune

  • Port of San Diego targeted by highly sophisticated ransomware attack
  • Attack additionally impacted the San Diego Harbor Police Department
  • The police department is forced to use alternative technology systems as a result
  • Port has placed public safety systems on high priority for restoration
 
San Benito Government & Public Safety Systems, San Benito County

Breach Type – Malware

BenitoLink

  • County systems down for more than a week due to malware attack
  • Critical & Public safety services interrupted
  • “Pen & paper” techniques implemented to continue functionality
  • Remains unknown how virus infiltrated network
  • San Benito Co. Sheriff’s Office restoration made priority
 
Calaveras Co. & Sheriff's Office

Breach Type – Hack

Times Union

  • Hacked to display pro-Islamic State content
  • ISIS Propaganda
  • Team System Dz takes credit

Local Government

Hackers Release Socials, Personal Data of Oakland Employees, Alameda County

Breach Type – Unknown, Ransomware

NEWSREBEAT.com

  • “The city of Oakland confirmed a ransomware attack Friday night. As they explained, various computer systems of the public administration have started to experience problems of functioning, although they guarantee that critical infrastructure has not been compromised.”
  • “City officials released a statement Friday afternoon saying the ransomware attack began Wednesday night. Computers in all Oakland public libraries were reportedly down, forcing librarians to use roadmaps to transfer books from one branch to another.”
  • "On Thursday evening, Yassin said city officials sent an email to government employees attributing service outages to the ransomware attack that began Wednesday.”
  • “As a precautionary measure, ITD is asking staff not to reconnect to the network until further notice. It is not known that 911 Dispatch, the urban mobile devices, Office 365, NeoGov, OakWiFi, the city website, Oracle and other services are affected.”
CBS NEWS-San Francisco

  • "Oakland declared a local state of emergency Tuesday because of ongoing impacts of a ransomware attack that has resulted in network outages to the city's systems.”
  • "The city announced that Interim City Administrator G. Harold Duffey issued the state of emergency in order to allow the city to activate emergency workers, expedite the procurement of equipment and materials to restore systems, and issue orders on an expedited basis.”
  • “The ransomware attack began the evening of Feb. 8, police and city officials said Friday. Such attacks involve someone encrypting files and demanding ransom to decrypt them. The encryption makes the files and the systems that rely on them unusable, according to the U.S. Cybersecurity and Infrastructure Security Agency.”
  • “Oakland's information technology department was working with law enforcement and a third party forensics firm to determine the scope and severity of the attack. City officials did not release the amount of ransom the attackers are asking for. The city said 911 dispatch, fire emergency services, and financial systems were not impacted."
GovTech

  • "The hackers behind an early February cyber attack have published personal employee data. That data includes current and past employees' Social Security numbers, driver's license numbers, birth dates and addresses.”
  • "Data released by a hacker group following a February ransomware attack against Oakland includes 12 years of city employee rosters that list thousands of current and past employees' Social Security numbers, driver's license numbers, birth dates and home addresses, even those of Mayor Sheng Thao and former Mayor Libby Schaaf. The Chronicle viewed the published files using a link that was published on the dark web over the weekend. The files include over 9 gigabytes of data and documents including hundreds of records related to police misconduct allegations and scanned bank statements from the city's operating account."
  • ”I'm very worried about identity theft," said one city employee whose personal information was released, and who spoke on condition of anonymity because he was not authorized to comment publicly. "It's another example of the city not protecting the people who work tirelessly for them." The data breach raises questions about the security of the city's systems. The city has not disclosed how the ransomware attack occurred. Both current and former employees said the city did not have two-factor authentication, a second layer of security to password-protected accounts, for staff until after the ransomware attack. Cybersecurity experts said it's unclear whether two-factor authentication could have prevented the attack without knowing what caused the hackers to be able to gain access.”
  • ”The release of personal information could leave people vulnerable to identity theft and tax identity theft. A "bad actor" could use the information to get fraudulent tax refunds, apply for a line of credit or commit financial theft if routing numbers and credit card information are available, said Sarah Powazek, the program director of UC Berkeley's Public Interest Cybersecurity. Powazek noted that local governments, like Oakland, "make really great targets for ransomware" because they host critical public infrastructure, but may not have the resources to defend against an attack. She said because the group released the data, it's likely Oakland did not pay the ransom. The city has not disclosed how much they were asked for in ransom or whether they were asked for ransom at all.”
  • ”The city said in a statement to The Chronicle that it is working with a third-party data-mining firm to do an "in-depth review" of the released data, which will likely take time. Based on what they find, they will notify staff, the city said. "My administration takes this very seriously and has been working hard to restore systems and provide assistance to anyone impacted," Thao said in a statement. "Moving forward we will focus on strengthening the security of our information technology systems." City officials sent an email to current employees on Monday, obtained by The Chronicle, saying that the city had sent a notification about the breach to all staff over the weekend. However, some current and former employees said they did not receive the notification.”
ABC 7 NEWS

  • "Stolen personal and financial files from the City of Oakland were leaked onto the dark web by ransomware group "Play." The stolen data has more than 3,100 views as of March 16.”
  • “Currently, there are 40 different victim profiles active on the site," said James Aurand, the counterintelligence lead with Binary Defense. Aurand says 18 of those victim profiles appear to be from Oakland - about 10 GB of data.”
  • "According to Aurand, the dark website has a countdown timer letting victims know how much time they have left before that data is going to be released or made public on the site. It's accessible through a password that's provided to view the data.”
  • “The ABC7 News I-Team has learned the city hired a security awareness company KnowBe4, based out of Florida to help prevent future phishing attacks, but the protocols being implemented may take a year before there's any significant impact.”
  • “The I-Team confirmed the City of Oakland upgraded their Microsoft 365 services this week in order to implement 'enhanced security controls' like multi-factor authentication and compromised account detection."
 
California County Issues Warning After Phishing Attempt, Tehama County

Breach Type – Phishing, Other

GOVTECH.com

  • "Tehama County is rooting out a phishing scam that tried to worm itself into the county's system. Recently the county learned that an unauthorized party gained access to the county's IT network between Nov. 18, 2021, and April 9, 2022.”
  • ”On Friday, the county received notification of a phishing attempt. Chief Administrative Officer Gabriel Hydrick said the county responded immediately, with engineers quickly securing the account in question. The password was reset, the message was recalled and a warning message was sent out to those recipients that could not be recalled.”
  • “The county Monday morning sent out an email to its employees and associates informing them they had received an email asking for "payment" or "ach information" or the like. The county advised those who received the email not to respond to it and refrain from providing any information. Resetting passwords was recommended as well.”
  • ”Tehama County personnel is undergoing a rapid deployment of enhanced security measures, including 2FA," the email reads. "While this incident is just a single email account, these measures are being rapidly adopted to prevent scam emails ASAP. If you have any questions, our technical team is happy to assist as these measures are being rolled out."
  • ”An investigation was launched, law enforcement was notified and a review of the incident let the county learn that files containing residents' personnel information were accessed. This information included a person's name, date of birth, mailing address, Social Security number, driver's license number and information related to services received from Social Services.”
 
Alleged Vice Society ransomware attack against San Francisco BART probed, San Francisco County

Breach Type – Hacking, Ransomware

SC Magazine

  • "Investigation into a ransomware attack against San Francisco's Bay Area Rapid Transit is underway after the Vice Society ransomware gang listed the heavy rapid rail transit system as one of its victims, according to The Record, a news site by cybersecurity firm Recorded Future.”
  • “"To be clear, no BART services or internal business systems have been impacted. As with other government agencies, we are taking all necessary precautions to respond," said BART Chief Communications Officer Alicia Trost, who added that they are also looking into data stolen and posted by Vice Society.”
  • “Vice Society's claimed attack on BART comes after a slew of cyberattacks against U.S. railways, with New York City's Metropolitan Transportation Authority compromised by a Chinese threat group and the Santa Clarita Valley Transportation Authority impacted by a ransomware attack on April 2021.”
 
Los Angeles’ Housing Authority hit by LockBit – Claim, Los Angeles County

Breach Type – Unknown, Ransomware

TechCrunch.com

  • “It appears that LockBit 3.0 has managed to compromise and exfiltrate data from the Housing Authority of the City of Los Angeles (HACLA)."
  • "Municipal housing authorities collect and store a great deal of personal information on residents and landlords, and HACLA’s site can be used to apply for housing, pay rent, or other functions that involve personal data. The screencaps LockBit posted as proof of access suggest that this leak, if and when it happens, may affect many people who sought housing assistance from the city and may also impact employees."
  • "At the time of publication, HACLA’s website appears to be operational and there is no notice of any incident on their site or on their Twitter account. The agency’s office was scheduled to be closed on December 30 and January 2 due to the holiday, but DataBreaches has sent an email inquiry to the agency anyway, seeking their response to the claimed attack, and will update this post when a reply is received. For now, however, although the screencaps look convincing, this attack has not yet been confirmed or denied.”
 
California authorities confirm cyber intrusion, LockBit claims ransomware hit, Sacramento County

Breach Type – Unknown, Ransomware

Cybersecurity Dive

  • "California’s Department of Finance was hit by a cyberattack and multiple state agencies are responding in coordination with the California Cybersecurity Integration Center. The state Office of Emergency Services is investigating the incident and is working to contain the impact and mitigate future vulnerabilities, according to a statement released Monday.”
  • “The LockBit ransomware group listed the state’s finance department on its leak site Monday and claims it stole 76 GB of data from the department, including databases, financial documents, court filings and IT documents, according to Brett Callow, threat analyst at Emsisoft”
  • “California officials said the attack was proactively identified and “no state funds have been compromised,” but declined to provide further details.”
 
Cyberattacks reported at US airports, Los Angeles County

Breach Type – Hacking, DoS

ABC News

  • “Some of the nation's largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed on the situation confirmed to ABC News. Importantly, the systems targeted do not handle air traffic control, internal airline communications and coordination or transportation security. "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion.”
  • "Over a dozen airport websites were impacted by the "denial of service" attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, told ABC News. That type of attack essentially overloads sites by jamming them with artificial users. "Killnet," a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.”
  • ”The FBI and Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, each said they were aware of the attacks. The websites for Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O'Hare International Airport appeared impacted Monday morning.”
 
California Department of Corrections and Rehabilitation notifies staff, visitors, and incarcerated individuals of breach, Sacramento County

Breach Type – Unknown, Data Breach

Data Breaches

  • "The newly revealed breach affects staff, visitors, and others tested for COVID-19 by the state Department of Corrections and Rehabilitation between June 2020 and last January."
  • "The breach was discovered in January 2022 and appears to have involved unauthorized access in December 2021 that potentially affected medical information on everyone who was tested for COVID-19 by the department from June 2020 through January 2022."
  • "The state indicates that the breach also potentially included mental health information for the incarcerated population in the Mental Health Services Delivery System going as far back as 2008."
 
California DOJ data breach exposes personal information of all concealed carry permit holders across state, Fresno County

Breach Type – Unknown, Data Breach

NBC News

  • "The names, addresses and license types of all concealed carry permit holders in California were exposed after the state Department of Justice suffered a data breach."
  • “The breach occurred as part of the state DOJ’s launch of its “2022 Firearms Dashboard Portal,””
  • "This public site allows access to certain information, however personal information of Concealed Carry Weapon (CCW) permit holders is not supposed to be visible,"
  • "The personal information included, but was not limited to, a person's name, age, address, Criminal Identification Index number and license type, according to the sheriff's office."
 
State Bar notifies 1,300 people identified in data breach, Los Angeles County

Breach Type – Unknown, Data Breach

Bakersfield.com

  • "The State Bar of California has begun notifying individuals whose names appeared in more than 322,000 confidential attorney discipline records published online in a massive data breach."
  • "The State Bar said Friday it will contact 1,300 complainants, witnesses or respondents whose names appeared in more than a thousand confidential case records that appeared online."
  • "The breach was not a hack, but rather a security vulnerability in the State Bar’s case management system. As a result, the confidential records were unintentionally swept up and published by Judyrecords."
 
Contra Costa County reports 2021 data breach that may have exposed personal information

Breach Type – Hacking, Data Breach

Danville San Ramon

  • “An investigation determined that an unauthorized person accessed the county employees' email accounts "at various times" between June 24, 2021 and Aug. 12, 2021."
  • “The investigation did not determine whether any emails or attachments in the accounts were accessed or downloaded by the unauthorized individual, "however, the county was not able to rule out the possibility."
  • “The breach exposed "certain county employee emails" as well as individuals who communicated with the county's Employment and Human Services Department. This information contained names, Social Security numbers, driver's license or state-issued I.D. numbers, financial account numbers, passport numbers and medical information and/or health insurance information."
  • “The county sent out letters on Friday to people they believe may have had personal information in the email accounts. The county is also providing information about the incident and steps those affected can take."
 
Fresno lost $400,000 to a phishing scam in 2020 and never told the public, Fresno County

Breach Type – Phishing, Other

Fresno Bee

  • “The city of Fresno lost about $400,000 in 2020 after falling victim to an electronic phishing scam, and former Mayor Lee Brand’s administration failed to disclose the loss to the Fresno City Council and taxpayers…”
  • “The electronic fraud was disguised as an invoice from a subcontractor working on the construction of the new southeast Fresno police station, Councilmember Miguel Arias told The Bee. The invoice included the subcontractor’s letterhead, and only the account numbers were different. A city staffer completed an electronic money transfer, not knowing the invoice was a fake, he said.”
  • “In an interview Wednesday, current Mayor Jerry Dyer said two payments were made. Arias said city officials believe the money was sent to an account in Africa.”
  • “The FBI asked city officials to keep the incident under wraps, so their investigation wasn’t compromised, Dyer said. It appears less than $2,000 was recovered, and the rest of the money likely is lost, Arias said.”
Fresno Bee

  • “…in a subsequent press conference by saying the city had actually lost $600,000 to an unknown criminal or criminals who used an email process known as phishing to grab the funds.”
  • “The scam took place two years ago, but The Bee recently was able to confirm its existence through some emails between city officials who discussed it, and confirmation by City Councilmember Miguel Arias. The criminal(s) submitted fake invoices that looked authentic and thus got the money transferred to bogus accounts.”
  • “Arias now wants to guarantee disclosure in the future when the city suffers losses of public money. The benefit of such an approach is clear, but any policy would need vetting to make sure it can accomplish its goal.”
 
Sacramento County: Hundreds of personal records exposed in data breach, Sacramento County

Breach Type – Phishing, Data Breach

Fox 40 News

  • “Hundreds of records containing personal information of Sacramento County residents were exposed in a phishing attack last year"
  • “Sacramento County said 2,096 protected health information and 816 personal identifiable records were exposed during a cyber attack on June 22, 2021. The extent of the breach was not known until Nov. 17 when a security audit was completed."
  • “Officials did not say how many Sacramento County employees were targeted during the phishing attack, only saying it was multiple. The county did, however, say how many login credentials were compromised.”
  • "Since the phishing attack, Sacramento County has set up two-factor authentication countywide, among taking other steps."
Read More

 
County Administrator addresses cyber attack: DA offers tips to the public to safeguard financial data, Plumas County

Breach Type – Phishing, Malware

Plumas News

  • “Plumas County’s computer servers have been hacked. During the Board of Supervisors meeting on Nov. 16, a member of the public said her emails hadn’t been returned, and that’s when Hydrick and County Counsel Gretchen Stuhr shared that the email system wasn’t functioning.”
  • “Nothing was said about the servers in general during the public meeting. However, two county leaders who wish to remain anonymous, shared that much more was impacted by email. During this morning’s discussion, Hydrick said he wanted to share as much information as possible about the situation.”
  • “At this time, the depth of the intrusion is not fully known but is being addressed by the county’s IT department. Additionally, appropriate federal law enforcement have been notified and are engaged.”
Read More

 
Truckee town manager gives update on cyberattack, Nevada County

Breach Type – Phishing, Malware

Sierra Sun

  • “On July 22, Truckee experienced a cybersecurity attack which breached its system and caused phones, internet, access to data, and everything that exists behind the town’s firewall to be shut down.”
  • “Truckee’s Emergency Operation Center was activated during the event, the town’s insurance carrier for cybersecurity was notified, and their team was brought on board. Due to the attack, according to Callaway, Truckee employees had to be outfitted with new computers and hotspots for internet access.”
  • “Additionally, the town lost its archived emails during the attack. “That particular exchange server was infected with a very malicious piece of malware, and it has been recommended to us by our forensic investigators that we don’t turn that on for risk of spreading that malware further into our newly rebuilt system,” said Callaway.”
Read More

 
Harbor District fends off ransomware attempt, San Mateo County

Breach Type – Unknown, Ransomware

Half Moon Bay Review

  • “On July 25, the district’s security consultant detected encrypted data in a server and isolated it.”
  • “San Mateo County Harbor District General Manager Jim Pruett said, because the district backs up its data regularly, the loss was negligible and no ransom was paid.”
  • “The important thing for the district was that we had substantial backups, so we were able to restore all the data, minus a few hours, back to the system and continue to operate,” Pruett said.
  • “Under state law, public agencies are required to report data breaches that leak personal information. Because there’s no evidence the district’s data was leaked, the district was not required to report the incident.”
Read More

 
Grass Valley Cyberattack Had 'Minimal Impact' City Says

Breach Type – Hacking, Ransomware

Fox40 Local News

  • "City officials in Grass Valley confirmed its information systems were hacked Wednesday morning."
  • “The perpetrators of this cyber attack informed the City they had obtained data from City systems and threatened to publish the data if the City did not pay ransom,”
  • "Officials said the city paid the ransom, but did not say how much it was."
  • "The city said any related outages were brief and it is working to find out what data was compromised."
Read More

 
$1.2 Million Stolen From Sebastopol Reserves Through Fraudulent Wire Transfer

Breach Type – Phishing, Other

The Press Democrat

  • “An ostensibly routine wire transfer involving Sonoma County’s treasury office turned out to be a scam that bilked Sebastopol of $1.2 million in property taxes at the end of April.”
  • “The theft was committed via a fraudulent email requesting a transfer from a pool of Sebastopol’s funds held by the Auditor-Controller-Treasurer-Tax Collector office, which oversees more than $3 billion in public money.”
  • "It appeared to us it was coming directly from staff of the city of Sebastopol,”…“Protocols are undergoing a full evaluation in response, and the office will communicate with a cyber security firm for recommendations on how to combat cybercrime.”
  • “The stolen funds are equivalent to about 10% of the city’s annual operating budget.”
  • “… the theft is unrelated to a police department computer system failure reported earlier this week that some have speculated could have been the result of a computer hack.”
Read More

 
Hacker Attempt to Poison Water Supply in San Francisco Bay Area

Breach Type – Hacking

NBC News

  • On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn't seem hard.
  • The hacker had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.
  • After logging in, the hacker, whose name and motive are unknown and who hasn't been identified by law enforcement, deleted programs that the water plant used to treat drinking water.
  • The hack wasn't discovered until the following day, and the facility changed its passwords and reinstalled the programs.
  • "No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report, which did not specify which water treatment plant had been breached, noted.
Read More

 
California City Computer System Down for Weeks In Ransomware Attack

Breach Type – Unknown, Ransomware

KGET

  • California City’s mayor said the computer system has been down since around late May following a ransomware attack, and an emergency meeting is scheduled tonight to discuss the issue
  • No demands have been made since the server was attacked sometime between May 26 and June 1. City employees haven’t been able to use email or other computer resources
Read More

 
Sacramento City Suffers from Data breach on ParkMobile App

Breach Type – Hacking, Data Breach

ABC 10

  • The Sacramento Public Works Department is warning residents of a data breach on its ParkMobile parking app from March 2021. Department officials say the breach occurred due to a vulnerability in a third-party software used in the ParkMobile app. Some general account information was accessed in the breach, including license plate numbers, email addresses, and phone numbers
  • Officials say a small percentage of cases also included home mailing addresses. Encrypted passwords were also obtained in the breach, but department officials say the encryption keys required to view the passwords were not accessed
  • The Public Works Department said it also notified the appropriate law enforcement authorities about the breach
Read More

 
Santa Clara Valley Transportation Authority, Santa Clara County

Breach Type – Unknown, Ransomware

Patch

  • Bad actors are threatening to dump stolen data if demands are not met
  • Buses and light rails remain operational
  • An investigation is ongoing
Read More

 
El Monte City Hall servers, Los Angeles County

Breach Type – Unknown, Malware

San Gabriel Valley Tribune

  • El Monte PD and the Los Angeles County Sheriff's department are investigating unauthorized access to city hall servers
  • Internet and business lines were not interrupted by the attack
  • The city is planning to replace email servers out of an abundance of caution
Read More

 
CA DMV Vendor-Automatic Funds Transfer, State of California

Breach Type – Unknown, Ransomware

KCRA

  • The California Department of Motor Vehicles announced that a third-party company it utilizes experienced a security breach
  • It is unclear at this time if any DMV information was compromised from the attack
  • Data possibly exposed included records of names, addresses, license plate numbers and vehicle identification numbers
Read More

 
Yuba County

Breach Type – Unknown, Ransomware

Yahoo! News

  • Yuba County was a recent victim of a ransomware cyberattack
  • Attack encrypted systems, bad actors demanded payment
  • County took steps to isolate affected systems
Read More

 
City of Shafter, Kern County

Breach Type – Unknown, Ransomware

23 ABC News

  • Public statement was made about the city's system being compromised
  • A post was made on Instagram stating the IT system appears to be frozen locked
  • No information appears to be stolen at this time, city officials are working with federal law enforcement to determine source
Read More

 
Madera County’s Court Website, Madera County

Breach Type - Hacking, Other

ABC 30

  • The county’s court website was targeted and changed to be a portal for pornography and prostitution
  • This redirect exposes any visitors to a Turkish escort related services page
  • Once the problem was noticed a new web address was issued as the data from the original website remains lost
Read More

 
San Francisco Employee's Retirement System, San Francisco County

Breach Type – Data Breach, Unknown

Bleeping Computer

  • A third party had accessed test environment servers with over 74,000 customers' information
  • Information exposed is said to not contain Social Security numbers or bank information but does contain potentially compromising information
  • Information could fuel further data breaches and potentially phishing scams
Read More

 
San Francisco International Airport, San Francisco County

Breach Type – Hacking, Data Breach

Bleeping Computer

  • Airport websites were hacked in data breach by bad actors
  • Bad actors placed malware onto websites to data mine credentials
  • Officials believed that members of public may have been affected as well
Read More

 
City of Torrance, Los Angeles County

Breach Type - Unknown, Malware

ABC 7

  • Email accounts were stopped following an attack on the city's servers
  • Some business operations have been stalled but communication remains open
  • No personal data was reported as compromised at this time
Read More
Tripwire

  • Bad actors erased city backups, encrypted hundreds of devices
  • Over 200 GB of files was also reportedly stolen during cyberattack
  • Data was ransomed for 100 bitcoin, equivalent to $700,000
Read More

 
Los Angeles County Government Systems, Los Angeles County

Breach Type – Phishing, Malware

Tech Wire

  • Numerous county employees received malware-laden emails
  • IT staff were able to contain the malware and prevented data exposure
  • County had previously been victim of similar attack and took precautionary measures
Read More

 
Contra Costa County Library & County Administrative Offices, Contra Costa County

Breach Type – Unknown, Ransomware

CCCLIB

  • Network outage caused by ransomware cyberattack
  • IT personnel disabled all servers hit in attack
  • Officials believed no personal information had been leaked
Read More

 
City of Seal Beach, Orange County

Breach Type – Unknown, Ransomware

Sun News

  • Ransomware cyberattack against city government targeted IT provider
  • Bad actors encrypted city's computers with ransomware
  • Email and voicemails were affected while emergency services were not
Read More

 
Fresno County & Fresno Council Of Governments (COG), Fresno County

Breach Type – Hacking, Ransomware

GV Wire

  • Thousands of files were locked by bad actors from Russia
  • Local government refused to pay ransom and lost affected files
  • COG forced to utilize new internet provider due to attacks
Read More

 
City of Galt, Sacramento County

Breach Type – Unknown, Ransomware

CBS Sacramento

  • Communications affected in cyberattack on city systems
  • Bad actors managed to place ransomware on network
  • Officials believed personal information was not leaked
Read More

 
Cucamonga Valley Water District, San Bernardino County

Breach Type – Hacking, Data Breach

Data Breaches

  • Online payment service, Click2Gov, used in data breach
  • Officials believed, but were uncertain, that credit card information was collected
  • Officials attempted to reassure the public that the situation was under control
Read More

 
City of San Marcos, San Diego County

Breach Type – Hacking, Malware

7 San Diego

  • Cyber attack leaves city employees without communications
  • IT officials disabled portions of computer network to mitigate attack
  • Officials stated that government files were secured
Read More

 
City of Livermore, Alameda County  

Breach Type – Unknown, Malware

Patch
 
 
  • California city hit with malware cyberattack, affected city hall computer systems
  • Officials discovered that virus had sent unauthorized emails from city accounts to residents
  • The unauthorized emails included an attachment in an effort to spread the virus further
Read More
Patch
 
 
  • Emergency services remained operational, city email system and some phone lines were down
  • City, county, and state officials continued to work on restoring computer services
  • Officials commented that progress had been made, portions of network brought back online
Read More

 
 
California Reimbursement Enterprises, Los Angeles County

Breach Type – Phishing, Data Breach

Health IT Security

  • Over 14,000 patients' information likely leaked after employee fell victim to phishing cyberattack
  • IT staff detected unusual activity and utilized third-party forensics team to assist investigation
  • Company provided billing service and eligibility for healthcare organizations throughout California
Read More

 
City of Bakersfield, Kern County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Bakersfield one of the eight cities impacted
Read More

 
Contra Costa County Elections Office, Contra Costa Co.

Breach Type - Phishing, Ransomware

Mercury News

  • Contra Costa County elections office hit by cyber phishing attack
  • Phishing e-mail used in attack led to point of origin being in Russia
  • Malware involved was likely ransomware, no data was compromised
Read More

 
Imperial County Website System, Imperial County

Breach Type - Unknown, Ransomware

LA Times

  • Imperial County website hacked from exterior source
  • Network was attacked by Ryuk ransomware
  • Ransomware demanded payment in bitcoin, county refused payment
Read More

 
Orange County Sanitation District, Orange County

Breach Type - Phishing, Data Breach

OCRegister

  • Over 1,000 employees were notified as their information was assessed following a phishing scheme
  • The district was notified after files noting a compensation fund were accessed within NFP Corp.
  • Employees were told to enroll in a fraud watch over their credit following this attack
Read More

 
California Department of Consumer Affairs

Breach Type - Malware

Sacramento Bee

  • California Department of Consumer Affairs suffered malware attack
  • 50 workstations affected, and computer networks disrupted
  • Despite entire network being shut down, consumers were still able to visit its website
Read More

 
City of Bakersfield, Kern County

Breach Type - Other, Data Breach

Bakersfield

  • Cyber security incident compromised personal & financial information of those who used Click2Gov online payment
  • City investigated & discovered an unauthorized party inserted a code into the Click2Gov system
  • The code found was designed to capture payment card data
  • A total of 2,400 user accounts may have been affected
Read More

 
City of Thousand Oaks, Ventura County

Breach Type - Other, Data Breach

Thousand Oaks Acorn

  • City of Thousand Oaks’ online bill-pay service has been compromised for the second time in the past year
  • Damage is extremely limited
  • Customer contacted City Hall about a credit card fraudulently used elsewhere
  • Suspicious file found on the server by City’s vendor
  • Immediately, server taken offline
Read More

 
City of Indio, Riverside County

Breach Type - Other, Data Breach

StateScoop

  • City of Indio residents fall victim to data breach
  • Vulnerability in Click2Gov software exposes payment cards used online
  • The payment cards and some private information were exposed
  • No illicit activity has impacted residents yet
Read More

 
Congressional District Democratic Candidate’s Campaign Website

Breach Type - Other/TDoS/DDoS

Rolling Stone

  • California Democrat Bryan Caforio fell victim to DDoS attacks, known as Hulk attacks, which shut down his campaign website for 21 hours during the primary election season
  • Voters were unable to access campaign website, learn information on the candidate, and unable to donate to his campaign as a result
  • Cyber experts believe the attacks were launched using AWS server space
  • Department of Homeland Security was notified by the campaign and willing to launch investigation into the repeated incidents
Read More

 
City of Morgan Hill, Santa Clara County

Breach Type - Other/Data Breach

Morgan Hill Times

  • Hundreds of Morgan Hill employees’ financial information exposed
  • W-2 Summary report accessed by hackers
  • 480 former & current city employees affected in hack
Read More

 
City of Oxnard, Ventura County

Breach Type - Other/Data Breach

KEYT 3

  • Data breach compromised personal information of Oxnard's online utility payers
  • Vulnerability in city's software allowed hackers to gain confidential information
  • City of Oxnard shut down system to implement additional security measures
Read More

 
City of Pasadena

Breach Type - Phishing

Pasadena Now

  • City employee email accounts compromised through phishing scheme
  • Hackers use access to accounts to send out fraudulent emails to city contacts
  • City immediately disabled accounts & changed passwords of all city employees
  • Advising residents/associates to take caution when opening emails from city
Read More

 
City of Thousand Oaks, Ventura County

Breach Type - Other/Data Breach

California Office of Attorney General

  • Unauthorized actor potentially gained access to City vendor
  • Click2Gov online payment system contained credit card transactions
  • Those potentially affected, advised to review payment card account statements closely
Read More

 
California State Election System

Breach Type - Hacking

NBC News

  • Claims websites were affected & scanned
  • Claims hacks were not directly related to voting
  • Want to take preventative measures for next election
Read More

 
Sausalito City Government

Breach Type - Phishing

KQED News

  • Current and former Sausalito government employees had W2 info exposed
  • 147 employees affected
  • City notified IRS, FBI, & California Franchise Tax Board
  • Sausalito Police Department investigating the breach
Read More

 
City of Alameda Website

Breach Type - Cryptojack/Other

WCCF Tech

  • Over 4,200 victims hijacked to mine Monero cryptocurrency
  • Secretly hijacked using compromised plug-in called "Browsealoud"
  • Though sites were affected for hours, no user data was affected/compromised
Read More

 
California Voter Registry

Breach Type - Ransomware

SC Magazine

  • Unprotected MongoDB server
  • Database has been deleted by cyber criminals
  • Ransom note demanding 0.2 bitcoin ($2,325.01 at time of discovery)
  • 19.2 million voter records stored in server
Read More

 
Stanislaus Co.

Breach Type - Cryptojack/Other

KCRA

  • Behavioral health and recovery services computer network compromised by ransomware
  • Stanislaus Co. has mitigated ransomware attacks in past
  • Shut down and quarantined infected networks
  • All behavioral health recovery services remain available to patients
Read More
The Modesto Bee

  • Hackers demanded $65,000 in bitcoin
  • County does not intend to pay ransom
Read More

 
City of Sacramento, Sacramento Co.

Breach Type - Phishing, Data Breach

City of Sacramento IT Department

  • City compromised by unknown source
  • City employment applicants affected in data breach
Read More
Sacramento Business Journal

  • Cyber attack potentially compromised 550 job applicants
  • 2017 breach result of "very creative" phishing scam
Read More

 
Los Angeles Superior Court Employees

Breach Type - Phishing

Washington Times

  • 500 employees received fraudulent emails
  • Emails led to fake websites asking for account credentials
  • Less than a dozen employees fell for phishing scam
  • 31-year-old Texas resident responsible for hack
Read More

 
Sacramento Regional Transit

Breach Type - Ransomware

Sacramento Bee

  • Hackers demand $8,000 ransom
  • Attack erased necessary computer programs affecting internal operations
  • Determined that no data was stolen
Read More

 
City of Oceanside, San Diego County

Breach Type - Other, Data Breach

California Office of Attorney General

  • Customer payment card compromised through City of Oceanside’s Utility Bill Payment Services
  • City contracted with cybersecurity expert to investigate
  • Malicious code had infiltrated the vendor supported online payment system
Read More

 
Los Angeles County Board of Supervisors

Breach Type - Hack

SCV News

  • Website homepage displayed pro-ISIS propaganda
  • 1 of 4 U.S. websites hacked the same way
  • Team System Dz claims responsibility for attack
Read More

 
Los Angeles County

Breach Type - Hack

Fox News

  • Possible exposure of 750,000+ personal data
  • Nigerian hacker identified as Kevin Onaghinor
  • Phishing email deceived 108 county officials into entering email and passwords
  • There has been no evidence that confidential information was breached
Read More

 
San Francisco's Municipal Transportation Agency

Breach Type - Ransomware

Ars Technica

  • Crypto-ransomware infects Muni system networks
  • Hacker asks for $73,000
  • Hacker gave email address associated with Mamba and HDDCryptor
  • No information was compromised and systems returned to regular operations
Read More
NY Times

  • SFMTA states they never considered paying the ransom
  • Malware infected systems through an email link
Read More

 
Yuba City

Breach Type - Ransomware

Appeal Democrat

  • Attacked by ransomware virus, IT department quickly tracked and shut down network
  • 4 of 350 computers infected with the virus
  • No data lost or compromised, hacker was not paid ransom
Read More

 
Los Angeles County Health Department

Breach Type - Ransomware

LA Times

  • Remnants of ransomware thread on five computers
  • Operations not affected
  • County is aggressive in preventing cyber attacks
Read More
Data Breaches

  • County did not pay ransom
Read More

 

Medical

Breach blamed on Russian-linked hackers exposes San Jose healthcare group’s sensitive data, Santa Clara County

Breach Type – Unknown, Data Breach

MSN.com

  • “In a widescale data breach, the personal information of more than a quarter million South Bay patients who rely on the state’s affordable health insurance plan may have been exposed through a San Jose-based Medi-Cal provider hit by a nationwide cyber attack.”
  • “Santa Clara Family Health Plan said Monday that the sensitive information of 276,993 members — including names, contact information, dates of birth, member IDs and Medi-Cal credentials — may be compromised.”
  • “The incident is part of a larger breach of more than 130 organizations across the country, according to a February report by the cyber security division of the U.S. Department of Health and Human Services. Officials believe a Russia-linked ransomware group dubbed “Clop” may be responsible, though no definitive evidence has come to light, the Health Sector Cybersecurity Coordination Center said.”
  • “The attack against the San Jose group was first discovered on Jan. 30 through a software service that allows SCFHP to securely exchange electronic files with a third-party vendor. That vendor, NationsBenefits, said it learned about the data compromise on Feb. 7.”
  • “Established in 1997, health plan serves as Santa Clara County’s local provider for the state’s version of Medicaid to over 320,000 residents. The service offers health insurance plans for low-income Californians at little to no cost in one of the country’s most expensive regions. The state’s attorney general did not respond to a request for comment. California law requires the attorney general to be notified of any data breach affecting over 500 people.”
Read More

 
7×7 Dental Implant & Oral Surgery alleged victim of Abyss ransomware group, San Francisco County

Breach Type – Unknown, Ransomware

DataBreaches.net

  • "A leak site called “Abyss” recently added 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claimed to have 114 GB of the dental practice’s files. A file tree showing 2,891 directories and 63,557 files was posted as proof of claim. Some of the filenames suggest business-related internal documents, while others are likely employee-related files. The bulk of the files appears to be patient-related. Most of these are image files in .jpg or .dcm format. Some .pdf files appear to be referral letters or reports.”
  • ”Protected health information (PHI) appeared to be exposed in the file tree itself as filenames often incorporated patients’ first and last names with the date of service. Other filenames contained an initial with a last name plus the service date. Using Google search and a small sample of less common names, DataBreaches was able to find people in the area with the same first and last names as in the file tree. 7 x 7 has yet to respond to DataBreaches’ website contact inquiry of March 30 or an email of April 5. There has been no confirmation from them, then, of any attack or that the file tree data is theirs."
  • “Abyss’s site does not indicate whether they have given 7×7 a deadline for responding to avoid a data dump. Inspection of the file tree suggests that the data were likely exfiltrated on or after March 7, 2023, which was the most recent date of service in some filenames. In a matter of approximately three weeks then, Abyss exfiltrated data and then named the victim publicly to increase pressure on them. DataBreaches has no information on Abyss, but some sites refer to them as a ransomware group. Abyss does not have any contact info on their leak site."
Read More

 
Cl0p hits virtual behavioral health company, leaks records of 63,000 minors, Santa Clara County

Breach Type – Unknown, Data Breach

JD Supra

  • "Russian ransomware gang Cl0p leaked the health information of 63,000 minors using virtual mental health company Brightline, as part of an attack on software company Fortra, Techmonitor reported March 29.”
  • ”Brightline is part of the insurance company Blue Shield. Data leaked in the breach included names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers and email addresses."
  • “It is not known whether a ransom has been demanded or paid."
Read More

 
UC San Diego Health Announces Third-Party Data Breach Following a Vendor’s Unauthorized Use of Tracking Technologies, San Diego County

Breach Type – Unknown, Data Breach

JD Supra

  • "On March 16, 2023, the University of California San Diego Health (“UC San Diego Health,” “UCSD Health”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after being informed by Solv Health that the company used certain tracking technologies without the university’s permission.”
  • ”Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ first and last names, dates of birth, email addresses, IP addresses, third-party cookies and protected health information. After confirming that patient data was leaked, UCSD Health began sending out data breach notification letters to all individuals who were impacted by the recent data security incident."
  • “Solv Health recently informed UCSD Health that it had been using certain analytics tools without UCSD’s permission. Because Solv used these technologies, certain sensitive information belonging to patients was disclosed to unauthorized parties."
Read More

 
Beaver Medical Group notifying patients whose information was accessed in phishing incident, San Bernardino County

Breach Type – Phishing, Data Breach

DataBreaches.net

  • "On January 24, BMG discovered unusual activity in an employee’s workstation. Their investigation revealed that an unauthorized actor had launched a targeted phishing attack that gave them access to the employee’s email account."
  • "The types of personal and protected health information in that account included health plan information such as name, member ID number, health plan name, and premium payment amount. BMG notes that the incident did not involve address, date of birth, Social Security number, clinical information, driver’s license number, or any financial account information."
  • “A copy of BMG’s notification submitted to the California Attorney General’s Office on March 8 does not indicate the number of patients notified.”
Read More

 
Sharp notifies nearly 63,000 patients of data breach, San Diego County

Breach Type – Hacking, Data Breach

San Diego Union Tribune

  • "Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.”
  • "Stressing that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth, health records or “information about the services received,” Sharp says the type of compromised information “varied from person to person.”
  • ”The information contained in the file was limited to patient names, internal Sharp identification numbers, and/or invoice numbers, payment amounts and the names of the Sharp entities receiving payment.”
  • “Thus far, the provider’s statement says, there is no indication that any stolen information has been used for nefarious purposes.”
Read More

 
Nonstop Health data and source code appear to have been leaked on hacking forum, Contra Costa County

Breach Type – Unknown, Data Breach

DataBreaches.net

  • "Nonstop Health offers health insurance solutions to employers who have more than 50 employees receiving benefits. Headquartered in Concord, California, and Portland, Oregon, Nonstop Health has business associate agreements with its clients that covers protected health information.”
  • "On January 17 and 18, data and source code allegedly from Nonstop were leaked on two popular hacking-related forums."
  • ”Personal information leaked online included names, date of birth, postal address with state and zip code, personal email address, and Social Security numbers. For some records, cellphone number, employee status, job title, and annual salary were also included. Given the formatting of the sample data, the sample appears to have been drawn from a number of clients’ data and not just one. The full leak by the poster reportedly contains 43,532 lines and the data are reportedly from December, 2022.”
Read More

 
Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical (collectively, “Regal”) have been notifying patients about a breach that resulted from a ransomware attack, Los Angeles County

Breach Type – Hacking, Ransomware

DataBreaches.net

  • "In their notification of February 1, Regal writes that they first became aware of the December 1 breach on December 8, 2022. On December 2, they noticed difficulty accessing some servers and discovered malware on some servers. That malware resulted in access to and exfiltration of some data.”
  • "Personal information that may have been affected included: address, diagnosis and treatment, laboratory test results, prescription data, radiology reports, health plan member number, and phone number."
  • ”Regal’s notification to the California Attorney General’s Office does not identify the type of ransomware, whether they received a ransom demand, and whether they paid ransom, but as of publication, none of the Regal Group entities have shown up on any dark web leak site operated by various ransomware gangs.”
  • ”The incident has not yet been posted to HHS’s public breach tool, so we do not yet know the total number of patients affected.”
Read More

 
Russian cyber gang Killnet brings down websites of 14 top US hospitals and universities - including Stanford and Duke, Los Angeles County

Breach Type – Hacking, DoS


 
Russian cyber gang Killnet brings down websites of 14 top US hospitals and universities - including Stanford and Duke, Santa Clara County

Breach Type – Hacking, DoS


 
Rundle Eye Care notifies patients of data breach, Orange County

Breach Type – Hacking, Ransomware

DataBreaches.net

  • “At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident."
  • “In their notification, the doctors do not reveal precise dates of the attack or its discovery but claim that they recently detected and stopped a network security incident. An unauthorized third party temporarily gained access to our network environment. Although we have found no evidence that your information has been specifically misused as a result of the incident, an investigation revealed that the following categories of your information which may have been exposed: name, date of birth, and treatment information."
  • "Their notification to patients is dated approximately three months after the attack. And although the notification claims patient data “may have been exposed,” it does not tell patients their data was actually stolen and leaked publicly back in October.”
  • “Everest’s listing on its leak site in early October claimed they acquired 30 GB of data from Rundle, including patient information. The listing also stated, “The owners of the company were notified of the incident in person and of the time frame. The company should contact us soon, otherwise more data will be released.””
  • ”According to Everest, then, the doctors knew back in October that the incident involved more than just exposure. Whether Rundle’s physicians ever contacted Everest or not is unknown to DataBreaches, but on October 25, Everest leaked 20 GB of data on a well-known hacking forum accessible on the clear net and the dark web. DataBreaches reached out to Everest Team to ask whether they had encrypted any of the files (they usually do not encrypt) and whether they had leaked all of the data they had exfiltrated. This post will be updated when a reply is received.”
Read More

 
St. Rose Hospital patient data appears on hacking forum, Alameda County

Breach Type – Unknown, Data Breach

DataBreaches.net

  • ”On December 20, a listing appeared on a popular forum that offered documents allegedly from St. Rose Hospital in Hayward, California. The listing was not a sales listing but rather a “demo data pack” listing of what was described as documents from a leak."
  • "The total leak allegedly contains 1.7 TB of files with: Financial data; Business data; Staff personal data (phones, addresses, SSNs, etc.), ~ 1 600 lines; Patients’ personal data (phones, addresses, SSNs, etc.), ~ 20 000 lines; Patient medical data (scans, patients’ personal folders with medical records), volume: 195 GB; Building plans; Accident reports (drug overdosing, harassment, etc.); Projects; Technical data (SQL databases, backups); Email archives.”
  • ”Inspection of the demo data pack indicates that there are actual patient and employee data involved as well as internal hospital documents. DataBreaches noted files from late October 2022 in the demo pack, so any leak or incident may have occurred in November or this month.”
  • ”The data appears to be from an attack by BianLian that appears on their dedicated leak site. Whether the individual who listed the data on the hacking forum is connected with them or just saw an opportunity to try to boost their rep by providing data is unknown to DataBreaches.”
Read More

 
SuperCare Health Data Breach Impacts Over 300,000 People, Los Angeles County

Breach Type – Hacking, Data Breach

Security Week

  • “In a data security notice posted on its website, SuperCare said the intrusion was discovered on July 27, 2021, when it noticed unauthorized activity on some systems. An investigation revealed that someone had access to certain systems between July 23 and July 27, 2021."
  • “It took the company until February 4, 2022, to determine that the exposed files contained patient information, including name, address, date of birth, hospital or medical group, medical record number, patient account number, health-related information, and claim information. In some cases, social security numbers and driver’s license numbers were also stored in the compromised files."
  • “Please note that to date, we have no reason to believe that any information was published, shared, or misused as a result of this incident,” the company said."
  • “The company told the US Department of Health and Human Services that the breach has impacted 318,379 people."
Read More

 
Hackers Claim Responsibility for California Ransomware Attack, State of California

Breach Type – Unknown, Ransomware

GovTech.com

  • "A ransomware group called Hive is claiming to have stolen private data for 850,000 members of Partnership HealthPlan of California, a nonprofit that manages health care for Medi-Cal patients in 14 counties.”
  • "Hive posted on its website on the dark web that it had stolen Partnership’s data. A screenshot of the claim describes the “stolen data includes...850,000 unique records of name, SSN, date of birth, address, contact, etc.” It also states that 400 gigabytes of data were stolen from Partnership’s file server.”
  • “We are aware of the claims. As our investigation is ongoing, we are unable to provide additional information at this time,” Partnership spokesman Dustin Lyda said in an email Wednesday.”
Read More

 
Information of 1,300 Sonoma County residents exposed during data breach, Seneca Family of Agencies, Sonoma County

Breach Type – Unknown, Data Breach

North Bay Business Journal

  • "The personal information of more than 1,300 Sonoma County residents may have been exposed during a data breach involving a contractor earlier this year"
  • "The county's announcement about the breach came nearly three months after it was first detected by Seneca Family of Agencies"
  • “Exposed information may include names, Social Security numbers, addresses, phone numbers, email addresses, medical record numbers, diagnosis and treatment information, health insurance information, Medicare or Medicaid numbers, provider names, prescription information, driver’s license or state identification numbers and digital signatures"
  • "Seneca in a statement posted to its website said it had discovered an unauthorized entry to its network on Aug. 27 and launched an investigation. It learned through that investigation that an individual accessed the network “for a brief period of time” between Aug. 25 and Aug. 27"
  • "Seneca said it has uncovered no evidence to indicate that any of the information accessed has been misused as a result of the breach...Seneca has offered to provide 12 months of free credit monitoring and identity protection services to any affected residents who request it.”
Read More

 
400k patients affected by Planned Parenthood ransomware data breach, Los Angeles County

Breach Type – Unknown, Ransomware

KYMA | CBS 13

  • "A ransomware attack on Planned Parenthood in Los Angeles has exposed the personal data of nearly half a million patients. The health care provider said it happened in October.”
  • "According to a breach notification the organization sent to victims, an unidentified perpetrator stole documents that contained sensitive information on some patients like, insurance information, their diagnosis, procedure or prescription.”
  • “A spokesperson for Planned Parenthood Los Angeles said there is no evidence that it was a targeted attack or that the stolen information has been used for fraudulent purposes.”
Read More

 
Ransomware hackers steal data from California hospital, publish it to dark web, Los Angeles County

Breach Type – Hacking, Ransomware

Becker's Hospital Review

  • "Los Angeles-based Barlow Respiratory Hospital is investigating a ransomware attack after hackers posted stolen data online."
  • "The hackers demanded payment from the hospital, but the hospital was unable to confirm if it paid the ransom request."
  • "The hospital partnered with a forensics investigation firm to contain and remediate the attack. The investigation uncovered that the hackers stole data from certain backup systems and published it to the dark web."
Read More

 
Stolen patient data posted on the dark web after cyberattack on California clinics, Fresno County

Breach Type – Unknown, Ransomware

Becker's Hospital Review

  • "Fresno, Calif.-based United Health Centers, which has 21 locations across California, was hit by a ransomware attack that reportedly forced its entire network to shut down and resulted in patients' data being stolen"
  • “The cyberattack reportedly disrupted its network and resulted in patient data theft. The ransomware group Vice Society claimed responsibility for the disruption on United Health Centers' systems"
  • “Vice Society, which emerged in June, began leaking patient data that it allegedly stole during the ransomware attack, Bleeping Computer reported. The stolen data reportedly included financial information, patient lab results and more."
Read More

 
University of California, San Diego Health Victim of Phishing Resulting in Data Breach

Breach Type – Phishing, Data Breach

Techaeris.com

  • “The University of California, San Diego Health has announced that a data breach has exposed the personal information of its students, employees, and patients"
  • ”UC San Diego Health officials told Bleeping Computers that the breach was due to a phishing attack in an employee email account"
  • "Upon discovering the breach, the facility closed off the compromised account and called the FBI"
  • "The data that hackers accessed spanned a time period between December 2020 and April 2021. There is no evidence that this data harvesting has been used or exploited"
Read More

 
Over 420,000 Compromised in Health Plan Email Hack

Breach Type – Hacking, Data Breach

DataBreaches.net

  • On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020
  • HPSJ sent out notifications and notified the Maine Attorney General’s Office of the incident, reporting that, “the information that could have been subject to unauthorized access includes name, address, and Social Security number.”
  • Although the health plan says they do not know for sure what was possibly accessed or viewed, those being notified were offered 12 months of credit monitoring
  • 420,433 have been sent notifications of this incident, which has not (yet) shown up on HHS’s public breach tool. The notification to regulators does not indicate how many employee email accounts were compromised, and whether they were all compromised by phishing or some other method
Read More

 
Scripps Health, San Diego County

Breach Type – Unknown, Ransomware

La Jolla Light

  • Ransomware attack occurred on May 1
  • The health system's four main hospitals are exclusively operating with paper records
  • There is currently no system restoration timeline that has been made public
Read More

 
Remedy Medical Group, San Mateo County

Breach Type – Phishing, Data Breach

Data Breaches

  • Vendor Administrative Advantages observed suspicious activity on an employee email account in July 2020
  • Compromised information includes, but is not limited to, names, SSNs, financial account information, driver’s license and/or state identification numbers, credit and/or debit card information, birth dates, passport numbers, electronic signature information, username and password information, Medicare numbers, Medicaid numbers, and health insurance information
  • AA is unaware of any misuse of compromised information
Read More

 
Health Net, Los Angeles County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Data from parent company Centene was compromised during Clop ransomware attack on Accellion
  • Compromised information includes, but is not limited to, birth dates, insurance numbers, and addresses
  • 1,236,902 members of Health Net affected in the breach
Read More

 
Stanford University Medical School, Santa Clara County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Threat actors likely accessed health information
  • Breach occurred in third-party vendor's infrastructure
  • Threat actors claimed to have published links to download medical information online
Read More

 
Sutter Buttes Imaging Medical Group, Sutter County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Healthcare provider forced to notify patients following cyberattack
  • Bad actors likely accessed protected, and private, health information
  • Breach occurred in third-party vendor's infrastructure
Read More

 
Sonoma Valley Hospitals, Sonoma County

Breach Type – Unknown, Malware

Becker's Hospital Review

  • Healthcare provider disabled computer network following cyberattack
  • Systems were taken offline to mitigate damage
  • Officials stated that emergency services remained available
Read More
Sonoma Sun

  • Officials confirmed that ransomware was used in cyberattack
  • Hospital refused to pay ransom demanded by bad actors
  • Patient information was likely compromised
Read More
Becker's Hospital Review

  • Nearly 67,000 patients had records exposed following ransomware attack
  • Third-party IT specialists were contacted for assistance
  • Leaked information included names, dates of birth, addresses, and private medical information
Read More

 
Rady Children's Hospital, San Diego County

Breach Type – Unknown, Data Breach

Fox 5

  • Names, addresses, and other private medical information were accessed
  • Hospital offered steps on protecting personal information, as well as credit monitoring
  • Affected individuals were encouraged to reach out directly to the healthcare provider
Read More

 
Sonoma Valley Hospitals, Sonoma County

Breach Type – Unknown, Malware

Becker’s Hospital Review

  • Sonoma Valley Hospital reported that bad actors were able to render computer systems offline for nearly two weeks
  • The security incident was identified on October 11th and had rendered the computer systems offline
  • Computer systems are still not fully restored, and the hospital is unable to post anything medical related to its patient portal
Read More

 
Amphastar Pharmaceuticals, San Bernardino County

Breach Type – Unknown, Ransomware

Data Breaches

  • Bad actors uploaded private files following ransomware cyberattack
  • Officials stated they would refuse to pay any ransom demand
  • Company utilized computer backups to restore lost data
Read More

 
Salinas Valley Memorial Healthcare System, Monterey County

Breach Type – Phishing, Data Breach

Becker's Hospital Review

  • Private health information exposed during cyberattack
  • Employee account had been compromised via elaborate phishing scheme
  • 786 individuals had information leaked
Read More

 
Central California Alliance for Health, Merced, Santa Cruz, and Monterey Counties

Breach Type – Phishing, Data Breach

Merced Sunstar

  • The health alliance notified the public that it had discovered a data breach within its network systems
  • It was unknown whether the exposed information had been misused by bad actors
  • Following the discovery of the suspicious activity, an investigation was launched and the employee email accounts were terminated
Read More

 
American Medical Technologies, Orange County

Breach Type – Phishing, Data Breach

Becker's Hospital Review

  • AMT publicly disclosed that thousands of patients' information had been exposed
  • The company, which tends to senior care, discovered the activity on an employee email account
  • The information of almost 50,000 patients was exposed, including Social Security numbers, medical records and more
Read More

 
Electronic Waveform Lab, Orange County

Breach Type – Unknown, Ransomware

Markets Insider

  • Third party IT firm and law enforcement notified following cyberattack
  • IT personnel were able to restore data from backups without issue
  • Officials advised that they would take additional precautions in the future
Read More

 
Stockdale Radiology, Kern County

Breach Type - Unknown, Ransomware

Data Breaches

  • Patient file sample sent to third party following ransomware hit
  • Healthcare center was victim of cyberattack, data was locked
  • Bad actors accessed restricted and confidential information
Read More
Data Breaches

  • Ransomware used in cyberattack against healthcare provider
  • Bad actors exposed and publicly shared illegally obtained information
  • Officials discovered numerous files that had been accessed
Read More

 
Golden Valley Health Centers, Merced County

Breach Type – Phishing, Data Breach

Data Breaches

  • Patient information possibly exposed in cyberattack
  • Health center notified potentially affected patients
  • Officials confirmed health center would take extra precautions
Read More

 
Vibrant Care Rehabilitation

Breach Type - Phishing, Data Breach

Data Breaches

  • Over 1,600 patients were contacted following bad actors accessing an employee's email account exposing patient information
  • The information varied from email to email exposing different patients to different severities of potential threat
  • It is unknown if there has been any illegal use of the information accessed following the attack
Read More

 
Rady Children’s Hospital, San Diego County

Breach Type - Hacking, Data Breach

Data Breaches

  • Open port left on network was likely to have permitted data breach
  • Bad actors accessed private patient information on servers
  • Third party IT firm utilized in investigation and restoration
Read More

 
Enloe Medical Center, Butte County

Breach Type - Unknown, Ransomware

Action News Now

  • Healthcare facility's network data encrypted in cyberattack
  • Bad actors used ransomware in the hit
  • Officials remained unsure when services would be restored
Read More

 
Adventist Health Simi Valley, Ventura County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review

  • Healthcare facility was victim of phishing cyberattack
  • Bad actor redirected payments in attempt to steal
  • Officials confirmed no other systems affected
Read More

 
PIH Health, Los Angeles County

Breach Type – Phishing, Data Breach

Data Breaches

  • Health provider employee email accounts breached
  • Bad actors tricked employees using phishing scheme
  • Patient private and medical information likely stolen
Read More

 
Wood Ranch Medical, Ventura County

Breach Type – Unknown, Ransomware

Data Breaches

  • California medical facility hit with ransomware attack causing business to permanently cease operations
  • Cyberattack encrypted all patient healthcare information in database
  • Potentially leaked information includes names, dates of birth, medical insurance information
Read More

Marin Community Clinics, Marin County

Breach Type - Unknown, Ransomware

Marinij

  • A cyber attack on Marin systems left clinics without computers until the following Friday afternoon
  • In an attempt to regain services, an unknown amount of ransom was paid on the advice of a network operator
  • To maintain normal operations, all staff resorted to using paper, and it was expected that no data was lost
Read More

 
Shingle Springs Health and Wellness Center, El Dorado County

Breach Type - Unknown, Ransomware

HIPAA Journal

  • Over 20,000 patients were potentially exposed due to a ransomware attack
  • The center is attempting to repair and update the systems following a new server installation
  • The attack may have been an attempt by the attackers to make money, with private information as another potential means of extortion
Read More

 
Podiatric Offices of Bobby Yee, Monterey County

Breach Type - Ransomware

Data Breaches

  • Podiatric Offices of Bobby Yee fell victim to ransomware attack
  • Unauthorized alteration and potential corruption of private patient data
  • No evidence surfaced that data was exfiltrated
Read More

 
National Ambulatory Hernia Institute, Orange County

Breach Type - Phishing, Ransomware

Data Breaches

  • Malicious email address delivers Gamma ransomware attack to National Ambulatory Hernia Institute server
  • Some private patient data potentially accessible by hackers
  • All data has since been moved to an off-site server and steps have been taken to eliminate future breach
  • Robust firewall and antivirus services purchased to combat future threats
Read More

 
Guardant Health, San Mateo County

Breach Type - Phishing, Data Breach

San Francisco Business Times

  • Hackers obtain private patient data
  • Guardant Health fell victim to phishing scheme
  • 1,100 patients potentially affected by breach
Read More

 
San Francisco Institute on Aging, San Francisco County

Breach Type - Phishing, Data Breach

California Department of Justice

  • Hackers access Institute on Aging Employee email account
  • Account contained private health and financial data of patients
  • At least 3,907 residents of California potentially affected in data breach
Read More

 
Center for Orthopaedic Specialists

Breach Type - Ransomware

DataBreaches

  • Center has three locations in CA – all affected in cyber attack
  • Hackers infected the main server with ransomware
  • Informed 85,000 current and former patients of potential data breach
  • Notified law enforcement & offered identity protection to those possibly affected
Read More

 
Sangamo Therapeutics, Inc.

Breach Type - Hack

DataBreaches

  • Senior executive's email account compromised
  • Sangamo notified federal law enforcement about breach
  • Personal information accessed and may be compromised
Read More

 
White & Bright Dental

Breach Type - Hack

Office of Attorney General

  • White & Bright notifies patients on breach of computer server with sensitive information
  • All personal information of patients could have been accessed
  • Advises those potentially affected to be vigilant of their data & provides credit monitoring
Read More

 
Ron’s Pharmacy Services, San Diego County

Breach Type - Hack

Ron's Pharmacy Services

  • Hack affected employee email account of Ron's Pharmacy Services
  • Hackers viewed limited information contained in account
  • No Social Security numbers or private financial information accessed
Read More

 
Community Memorial Health System

Breach Type - Phishing

VC Star

  • Email phishing scam leads to security breach
  • 959 patients’ personal information potentially accessed
  • Agency offering affected individuals free identity protection/credit monitoring services
  • Security measures taken and employees given additional training
Read More

 
University of California, Davis Health

Breach Type - Phishing

Healthcare IT News

  • Davis Health employee fell victim to phishing scheme
  • Hackers able to access & obtain patient PHI
  • 15,000 patients potentially affected in breach
Read More

 
East Valley Community Health Center

Breach Type - Ransomware

HIPAA Journal

  • Center notifies 65,000 patients of potential breach following ransomware attack
  • Limited data potentially accessed not including financial information
  • Ransomware variant known as Troldesh/Shade
  • Preventative steps taken to reduce likelihood of future attacks
Read More

 
Bay Sleep Clinic

Breach Type - Accidental Data Breach

DataBreaches

  • Clinic offers video monitoring of patients
  • Did not properly secure a camera and video footage of a patient could be viewed by anyone
  • Miscellaneous source reported to DataBreaches the video was on insecam.com
  • DataBreaches reached out to Bay Sleep Clinic with urgency, did not receive a response
Read More

 
USC Keck and Norris Hospitals

Breach Type - Ransomware

Keck Medicine

  • Ransomware discovered on two servers
  • Attack isolated to avoid spread to other servers
  • Fully remediated situation, restored data from encrypted folders to servers
  • No ransom paid
  • As a precaution: notified patients whose health or other personal data was in affected folders
Read More

 
Yuba-Sutter Medical Clinic

Breach Type - Ransomware

DataBreaches

  • Notifies patients ransomware attack took place in early August
  • Regained access quickly and no data was lost
  • Experienced some delays in accessing internal information
  • No personal information released or exfiltrated
Read More

 
Marin Medical Practices Concepts

Breach Type - Ransomware

Mercury News

  • Paid a ransom to regain access to data
  • Amount of paid ransom remains unknown
  • Declined to say whether law enforcement was involved
  • No evidence that patients’ data was accessed
Read More

 
State Health Insurance Website

Breach Type - Security Vulnerabilities

AP News

  • Federal investigators found significant cyber security vulnerabilities
  • Vulnerabilities could enable hackers to access a wealth of sensitive personal data
  • Weaknesses found by Government Accountability Office
  • Officials in California said there is no evidence hackers have stolen anything
Read More

 

Education

Aspire Public Schools reveals 2022 breach, Alameda County

Breach Type – Unknown, Data Breach

DataBreaches.net

  • "Aspire Public Schools in California submitted notifications to at least two state attorneys general. According to its notification, Aspire learned that an unauthorized party gained access to one Aspire email account at various times between February 2022 and August 2022.”
  • ”There was no evidence that the contents of the email account were actually viewed, but personal information was in the account."
  • “An undisclosed number of people have been notified. You can read the template notification on the Montana Attorney General’s website.”
Read More

 
Hacker Steals, Posts Data from Long Beach Schools, Los Angeles County

Breach Type – Unknown, Data Breach

GovTech.com

  • “Student data from the Long Beach Unified School District has been stolen by a hacker and posted online, officials confirmed in a Wednesday, Feb. 22, email to pupils and parents."
  • “The email noted that more sensitive student and staff information — including addresses, birthdates, social security numbers and grades — had not been impacted by the cyber attack.”
  • “LBUSD first learned about the cyberattack on Tuesday evening, the email said. The district's Technology and Information Services Branch coordinated with multiple federal, state and local agencies, including law enforcement, to ensure that the more sensitive personal information hadn't been compromised.”
  • ”LBUSD has about 67,500 students, according to the most-recent data available on the state education department's website.”
Read More

 
Morgan Hill Unified School District discloses data breach, Santa Clara County

Breach Type – Unknown, Data Breach


 
Hartnell College, FBI investigating ransomware attack, Monterey County

Breach Type – Unknown, Ransomware

King City Rustler

  • “Last Sunday, Oct. 2, the Information and Technology Resources (ITR) team at Hartnell College detected abnormal network activity that prompted a manual network shutdown.”
  • ”Currently, Hartnell College is working with third-party forensic incident response specialists and federal law enforcement to investigate this incident. The college has confirmed that the nature of the reported activity is related to a sophisticated ransomware attack. As a result, parts of the network will continue to be unavailable in order to mitigate risk.”
  • “Once ITR noticed the suspicious activity, the team immediately took the network offline out of an abundance of caution, and to prevent any further activity,” said Chelsy Pham, vice president of ITR, in a news release Oct. 7.”
Read More

 
More than 248,000 files leaked on the dark web in LAUSD ransomware case, Los Angeles County

Breach Type – Unknown, Data Breach

SC Magazine

  • “That’s how researchers at Check Point on Monday described the data and documents reportedly released Sunday by the Vice Society ransomware gang after the Los Angeles Unified School District refused to pay a ransom following the group’s attack on LAUSD in September.”
  • “Den Jones, CSO at Banyan Security, said the general rule is that most professionals — law enforcement included — will recommend not to pay any ransom when infected with ransomware. Jones said the LAUSD is correct in following this protocol, and for having reported the breach to the U.S. government. Jones added when organizations report to federal agencies such as CISA, the FBI or the U.S. Secret Service, other agencies are also notified.”
  • “LAUSD Superintendent Alberto Carvalho made the district’s position clear in a Tweet on Monday, when he said: “I understand there will be many opinions on this matter but, simply said, negotiating with cybercriminals attempting to extort education dollars from our kids, teachers, and staff will never be a justifiable option. LAUSD refuses to pay ransom.””
Read More
Data Breaches

  • "Detailed and highly sensitive mental health records of hundreds — and likely thousands — of former Los Angeles students were published online after the city’s school district fell victim to a massive ransomware attack last year, an investigation by The 74 has revealed.”
  • “The student psychological evaluations, published to a “dark web” leak site by the Russian-speaking ransomware gang Vice Society, offer a startling degree of personally identifiable information about students who received special education services, including their detailed medical histories, academic performance and disciplinary records.”
  • "But people are likely unaware their sensitive information is readily available online because the Los Angeles Unified School District hasn’t alerted them, a district spokesperson confirmed, and leaders haven’t acknowledged the trove of records even exists. In contrast, the district publicly acknowledged last month that the sensitive information of district contractors had been leaked.”

 
Sierra College victim of ransomware incident, Placer County

Breach Type – Unknown, Ransomware

Data Breaches

  • “This is the result of an external ransomware attack on our systems. We are working with law enforcement and third-party cybersecurity and forensic experts to investigate this incident, assess the potential impact, and bring our systems back online."

 
FBI, DHS join probe into massive LAUSD cyberattack as school goes on, Los Angeles County

Breach Type – Unknown, Ransomware

LA Times

  • “The cyberattack that disabled computer systems across the Los Angeles Unified School District school was criminal in nature, but by Tuesday most online services — including key emergency systems — were operating safely,"
  • “An investigation involving the FBI, the Department of Homeland Security and local law enforcement is under way, underscoring the seriousness of the attack, which was detected at 10:30 p.m. Saturday."
  • “Authorities moved to shut down many of the district’s most sensitive platforms over the weekend as the attack was underway."

 
Napa Valley College Files Report of Recent Data Breach Following Ransomware Attack, Napa County

Breach Type – Hacking, Data Breach

JD Supra

  • "On August 25, 2022, Napa Valley College confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on NVC’s network."
  • "The breach resulted in the names and Social Security numbers belonging to certain individuals being compromised."
  • “Recently, NVC sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds."

 
Northcentral University Announces Data Breach Affecting Sensitive Student Information, San Diego County

Breach Type – Hacking, Data Breach

JD Supra

  • “Northcentral University (“NCU”) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive student data contained on the school’s network."
  • “The breach resulted in the names, addresses, Social Security numbers, and student identification numbers of affected students being compromised."
  • “On July 15, 2022, Northcentral University filed an official notice of the breach and sent out data breach letters to all affected parties."
  • “On May 26, 2022, NCU detected suspicious activity on its computer network. In response, the school secured its network and enlisted the assistance of a digital forensics firm to investigate the incident."
  • "As a result of this investigation, Northcentral University was able to confirm that certain students’ financial aid award information was accessible to an unauthorized party."

 
FBI Investigating July 4 Malware Attack Against College of Desert; School Networks Remain Down, Riverside County

Breach Type – Unknown, Malware

Desert Sun

  • “The College of the Desert has fallen victim to a second successful malware attack against its online network in as many years."
  • “Most of the college's online services have been offline since July 4. Currently, its website is not available, campus phone lines have been affected and some — but not all — employees are lacking access to their email accounts"
  • “The Federal Bureau of Investigation is investigating the incident while the college's information technology staff along with a third-party attempt to "minimize any further disruption."”
  • “Staff are continuing to serve students through various alternative means."

 
Monterey Peninsula Unified School District notifying current and former employees of data security incident, Monterey County

Breach Type – Hacking, Data Breach

DataBreaches.net

  • “The Monterey Peninsula Unified School District has been notifying current and former employees of a data security incident that they discovered on or about November"
  • "…the district determined that files containing certain personal information on employees were present in the potentially impacted network locations"
  • “Although they had no evidence of any misuse of information as of December 21 (the date of their notification letter), the investigation did reveal that the information included first and last names as well as Social Security numbers, medical information, and financial account information."
  • “The district is continuing to investigate the incident and has offered those potentially affected 12 months of credit monitoring and identity protection services through Cyberscout."

 
Woodlake Unified District student and personnel data dumped after ransomware incident, Tulare County

Breach Type – Hacking, Ransomware

DataBreaches.net

  • "On April 11, the district took to Facebook to alert the community to a ransomware incident that occurred on April 9. For months, the breach did not show up anywhere, but on September 13, Pysa threat actors added it to their leak site, noting the incident as April 8."
  • "the data dump seemingly should have contained 77 parts that included more than 16 GB of files, compressed."
  • "We found files containing the names and surnames of the students with their date of birth and social security numbers. Some spreadsheets contained students’ email addresses and passwords."
  • "date and the name of the student with other special education-related information for the students."
  • “Some files had employees’ names with social security numbers as well as other personally identifiable information. We also found some personnel issues such as complaints about individuals or investigations."
  • "information on employees from the 2018-2019 and 2019-2020 included injury status reports with fields like: Employee Name, Social Security Name, Date of Birth, Address, Phone, Gender, Job Title, Date of Injury, Time, Specific Injury, Supervisors Comments. In other files, there were medical reports related to claims such as physician statements and disability forms."

 
Centinela Valley Union High School District notifying employees and students of malware incident, Los Angeles County

Breach Type – Unknown, Malware

DataBreaches.net

  • ", some Centinela Valley Union High School District computer systems were infected with malware that encrypted the data on those machines. We quickly identified and contained the malware, began to restore access to data, and launched an investigation with the assistance of a cybersecurity firm."
  • ", the investigation determined that an unauthorized person accessed computer systems that store data pertaining to current and former employees and students, including names, Social Security numbers, financial accounts, health insurance information, and/or medical information."
  • "we have no evidence that your personal information has been stolen or misused, our investigation thus far has not been able to rule out that possibility."

 
Visalia Unified School District Hit by Ransomware Attack

Breach Type – Unknown, Ransomware

YourCentralValley.com

  • The Visalia Unified School District announced Tuesday it has been the victim of a “ransomware” attack that impacted the operation of the district’s IT systems
  • The district said many IT systems are offline until further notice and that local and federal law enforcement have been notified and are aware of the incident

 
University of California, Los Angeles County

Breach Type – Hacking, Data Breach

The Hill

  • University data was compromised through the ransomware attack on Accellion
  • Compromised information includes names, birth dates, SSNs, and bank account information.
  • Investigation is ongoing

 
Newhall School District, Los Angeles County

Breach Type – Unknown, Ransomware

CBS Los Angeles

  • School forced to cancel online classes following ransomware cyberattack
  • Officials reported that bad actors disabled their network
  • Legal team and insurance provider were consulted following attack

 
Selma Unified School District, Fresno County

Breach Type – Unknown, Ransomware

KMPH Fox 26

  • School district computer network hit in ransomware cyberattack
  • IT personnel took precautionary measures and had the network shut down
  • Officials remained uncertain as to total damage caused by the attack

 
Rialto School District, Los Angeles County

Breach Type – Unknown, Malware

Infosecurity Magazine

  • Virtual classes were forced to shut down following cyberattack
  • IT personnel remained diligent in their efforts to restore the network
  • Students with school-assigned devices were encouraged to return them for cleaning

 
Imperial Valley College, Imperial County

Breach Type – Unknown, Ransomware

Calexico Chronicle

  • Telephone systems were taken out following ransomware cyberattack
  • Bad actors managed to shut down phones and additional unknown systems
  • Officials continued to investigate the attack, remained unsure if personal information was leaked

 
Cal State Northridge, Los Angeles County

Breach Type – Unknown, Data Breach

OC Register

  • Bad actor was unsuccessful in placing ransomware over cloud hosting software for Cal State
  • No sensitive information was exposed, but a ransom was still paid by the cloud hosting service
  • Customers affected were notified promptly of potential exposure

 
Carpinteria Unified School District (CUSD), Santa Barbara County

Breach Type – Unknown, Ransomware

Coastal View

  • School district's network taken out in ransomware cyberattack
  • District reported $90,000 in damage according to superintendent
  • IT personnel were praised for quick action, school to file insurance claim

 
University of California San Francisco, San Francisco County

Breach Type – Unknown, Ransomware

EdScoop

  • Bad actors used ransomware in cyberattack against college
  • Screenshots of leaked information were posted to a blog
  • Third party cybersecurity professionals and law enforcement have been contacted
Data Breaches

  • UCSF IT officials stated they identified and ceased unauthorized access to network
  • Officials further stated they had been working closely with FBI
  • School system has not publicly confirmed which ransomware they were hit with
Data Breaches

  • School officials decided to pay ransom of nearly $1.4 million to bad actors
  • IT personnel worked closely with third party cyber professionals
  • Officials believed patient medical records remained intact

 
California School Districts, State of California

Breach Type – Hacking, Data Breach

Identity Theft Resource Center

  • Software that affects over 600 schools suffered a data breach following unauthorized access to accounts
  • It was discovered that both student and parent information was exposed, such as login information, addresses, and more
  • Due to the nature of the network, if bad actors gain access to any email account, they can potentially access other accounts, such as financial or social media accounts

 
San Dieguito Union High School District, San Diego County

Breach Type – Phishing, Data Breach

NBC 7 San Diego

  • Bad actors likely accessed personal information during data breach
  • Investigations confirmed breach occurred in summer of 2019
  • Officials uncertain about accessed information, likely included SSN, ID numbers

 
Mountain View-Los Altos Union High School District, Santa Clara County

Breach Type – Unknown, Ransomware

Bitcoinist

  • Bitcoin demanded during ransomware cyberattack
  • District credit cards used by bad actors after attack
  • Bad actors likely originated in Russia or China

 
Panama-Buena Vista School District, Kern County

Breach Type – Unknown, Ransomware

Turn To 23

  • Teachers left unable to deliver report cards after cyberattack
  • Ransomware was utilized by bad actors to affect school systems
  • Federal authorities investigated the cyberattack

 
Pittsburg Unified School District, Contra Costa County

Breach Type – Unknown, Ransomware

Data Breaches

  • Law enforcement and IT providers investigated ransomware attack
  • Affected servers taken offline, phone systems remained functional
  • Officials believed no private information was stolen

 
Tulare Joint Union High School District, Tulare County

Breach Type – Unknown, Ransomware

Visalia Times Delta

  • Administrative and financial information was target of ransomware cyberattack
  • Officials advise that no financial or student information was taken
  • School district outsourced IT assistance from third party

 
San Bernardino City Unified School District, San Bernardino County

Breach Type – Unknown, Ransomware

KTLA 5

  • Ransomware cyberattack forced school district to resort to older methods
  • Officials confirmed that student and parent information was unaffected
  • School was unable to utilize email system until issue resolved

 
Sylvan Unified School District, Stanislaus County

Breach Type - Unknown, Malware

Modbee

  • The school district put in a ticket for an attack launched against their computer system
  • Costs were easily over $100,000 in attempts to repair systems in over 10 schools
  • Staff were unable to use basic network features and report cards and state testing were delayed

 
Carmel Unified School District, Monterey County

Breach Type - Phishing, Data Breach

Data Breaches

  • Carmel Unified School District successfully attacked by phishing
  • Acquired documents potentially included SS numbers, marriage certificates, birth certificates, and other sensitive documentation
  • School District stated they would improve data security going forward

 
Centinela Valley Union High School District, Los Angeles County

Breach Type - Phishing, Data Breach

Data Breaches

  • Sensitive W2 employee information may have been compromised
  • Hackers disguised phishing email as one from inside of the school district
  • IRS and federal law enforcement have been contacted regarding this incident

 
San Diego Unified School District, San Diego County

Breach Type - Phishing, Data Breach

Newsweek

  • Hackers gathered network access log-in information from staff
  • Used log-in information to access district’s network services, including the district student database
  • Personal data may have been compromised

 
Sacramento State University, Sacramento County

Breach Type - Phishing, Other

State Hornet

  • Sacramento State reported 350+ compromised accounts due to phishing attack
  • Malicious IP addresses originated in the United Kingdom
  • Students and staff advised to update university account credentials

 
Ygnacio Valley High School, Contra Costa County

Breach Type - Phishing

KTVU

  • High school student uses phishing scheme to infiltrate Mount Diablo Unified School District IT Network
  • Sent phishing scheme to teachers & the teachers entered account credentials into malicious website
  • Student changed grades of multiple students

 
Long Beach City College

Breach Type - Hack

Long Beach Post

  • Technology systems down due to malware
  • Employee email system down & enrollment/payment software for students down
  • Classes continue despite attack

 
Ventura County's Office of Education

Breach Type - Hack

VC Star

  • Websites of numerous school districts went offline
  • 7 total websites down
  • Websites hacked with pro-ISIS propaganda
  • Part of multiple website hacks of government/education across United States

 
Los Angeles Valley College

Breach Type - Ransomware

Bleeping Computer

  • Hackers gave one-week deadline for ransom money
  • District Board agreed to use money in their cyber insurance funds
  • Los Angeles Community College District paid $28,000 ransom

 
Kern County Superintendent of Schools

Breach Type - Phishing

DataBreaches

  • Kern County payroll department fell victim to phishing scam
  • Employees notified same day of breach
  • Personal information of more than 2,500 employees, starting in 2015, was breached

 