Personal Information Compromised in City of Tucson Data Breach
Posted By Remote Techs On 14-November-2022
In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.
As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.
Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.
The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”
The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”
The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.
The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.
Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.
For those affected, the city is giving free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.
The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.