Social Security numbers and medical information have been accessed, city confirms
More details about an extensive data breach in the California city of Grass Valley revealed that the information of employees, citizens and others was copied and transferred to another network.
A rack of the city council previously confirmed it had experienced “unauthorized access” to its systems between April 13 and July 1, 2021.
There is now an investigation determined the size of the attack, which revealed that the malicious actor had transferred files outside of the city’s network, including the financial and personal information of “persons associated with Grass Valley”.
Information accessed through Grass Valley employee records—including former employees, spouses, family members, and individual salespeople—includes names and one or more of the following: Social Security numbers, driver’s license numbers, and restricted medical or Health insurance information.
Names and Social Security numbers were requested for individual salespeople hired by the city.
According to city representatives, infringement may also have affected individuals whose information was disclosed to the Grass Valley Police Department, along with loan applicants who had applied for funds from the Grass Valley Community Development Department.
Grass Valley said it began notifying the affected individuals on Jan. 7 and has alerted relevant authorities, including law enforcement agencies.
The city also offers free credit monitoring services to anyone affected by the breach.
Grass Valley sincerely regrets that this incident has occurred and apologizes for any inconvenience or concern.
“To help prevent something like this from happening again, Grass Valley continues to review its systems and take steps to improve existing security protocols.”