Tucson, Arizona

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 123,000 individuals.

As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.

The threat actors had access to the network between May 17 and May 31 and might have accessed or stolen documents containing the information of 123,513 individuals.

"On May 29, 2022, the City learned of suspicious activity involving a user's network account credential," the data breach notification reads.

"On August 4, 2022, the City learned that certain files may have been copied and taken from the City's network."

The City began notifying potentially impacted individuals on September 23 that, among the sensitive personal information exposed during the incident, the attacker could have accessed the affected individuals' names and Social Security numbers.

"On September 12, this review concluded, and the review determined that the information at issue included certain personal information," the City revealed in a separate announcement on its official website. 

"The information within the potentially accessed files included certain individuals' name, Social Security number, driver's license or state identification number, and passport number."

No evidence of personal information misuse

Notification letters sent to affected individuals also reveal no evidence was found that this personal info has been misused until now.

Those impacted by the data breach are advised to monitor their credit reports for any suspicious activity that could hint at incidents of identity theft and fraud involving their personal information.

The City is providing impacted individuals with 12 months of free access to Experian credit monitoring and identity protection services, as well as guidance on defending against identity theft.

"The City treats the security of information in its possession as an utmost priority and apologizes for any inconvenience this event may cause," the breach notification letters read.

"As part of its ongoing commitment to the security of information within its care, the City reviewing its existing policies and procedures regarding cybersecurity and evaluating additional measures and safeguards to protect against this type of event in the future."

Update: Corrected title saying 125K+ individuals were affected instead of 123K+.

Wiz

The Board Report Deck CISOs Actually Use

CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value.

This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Turn security updates into meaningful conversations and faster decision-making in the boardroom.

Related Articles:

US nuclear weapons agency hacked in Microsoft SharePoint attacks

Grocery wholesale giant United Natural Foods hit by cyberattack

Johnson Controls starts notifying people affected by 2023 breach

Whole Foods supplier UNFI restores core systems after cyberattack

Krispy Kreme says November data breach impacts over 160,000 people