More details concerning an extensive data breach at the City of Grass Valley, California, revealed the information of employees, citizens, and others was copied and transferred to another network.
A statement from the city council previously confirmed that it had experienced “unauthorized access” to its systems between April 13 and July 1, 2021.
An investigation has now determined the extent of the attack, revealing that the malicious actor had transferred files outside of the city’s network, including the financial and personal information of “individuals associated with Grass Valley”.
Data accessed from records belonging to Grass Valley employees – including former employees, spouses, dependents, and individual vendors – include names and one or more of the following: Social Security numbers, driver’s license numbers, and limited medical or health insurance information.
For individual vendors that were hired by the city, names and Social Security numbers were accessed.
According to city representatives, the breach may have also impacted individuals whose information had been provided to the Grass Valley Police Department, along with loan applicants who requested funds from the Grass Valley Community Development Department.
Grass Valley said it began notifying individuals affected on January 7 and has alerted the relevant authorities including law enforcement.
The city is also offering free credit monitoring services for any individual impacted by the breach.
“Grass Valley sincerely regrets that this incident occurred and apologizes for any inconvenience or concern,” it noted.
“To help prevent something like this from happening again, Grass Valley continues to review its systems and is taking steps to enhance existing security protocols.”
