On September 29, DataBreaches.net sent an email to Golden Gate Regional Center (GGRC) asking about claims by Conti threat actors that they had encrypted GGRC’s system(s). As proof, the attackers had uploaded more than a dozen files.
GGRC, a state- and federally-funded nonprofit organization serving individuals with developmental disabilities in Marin, San Francisco and San Mateo counties, never responded to this site’s inquiry, but on November 20, they posted a notice on their site. The notice states that they first became aware of a security issue on September 23 and immediately assembled a team and began investigating. Their investigation revealed that some data had been accessed and exfiltrated.
The types of information involved included:
names, GGRC-issued unique client identifier (“UCI”) numbers, service descriptions or codes, vendor or service provider names or numbers, months or years of service, and/or cost information related to services.
Those affected were offered mitigation services and advice:
In addition to informing potentially impacted individuals about the incident, the notification letter includes steps that potentially impacted individuals can take to protect their information and offers these individuals access to complimentary identity monitoring and protection services. GGRC recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
The web site notification is silent on the issue of whether any personally identifiable information was dumped online.
Since the original listing, Conti has added more files to the data dump. As of yesterday, there were more than 2,500 files, covering almost a decade. A skim of the files indicated that many were routine record-keeping and payment information for vendors and budgetary issues. Whether Conti will add more files in the future remains to be seen. Hopefully, Conti will just leave this non-profit alone already.
On November 20, GGRC reported this incident to HHS as impacting 11,315 clients. For reasons that are not obvious to this site, they reported either as a Business Associate or that a business associate had been involved in the breach. DataBreaches.net sent an email inquiry asking them why they reported this as a Business Associate or as involving a business associate and will update this post if a response is received.