Yesterday, Grass Valley in California announced they had suffered a breach last year. Their disclosure does not say when they first detected any breach, but reports that their investigation determined that unauthorized access had occurred between April 13, 2021 and July 1, 2021.
After further investigation, Grass Valley discovered that the unauthorized person transferred files outside of its network.
It wasn’t until December 1, 2021, that they determined what the exfiltrated files contained. As they disclose:
- For Grass Valley employees, former employees, spouses, dependents, and individual vendors, names and one or more of the following: Social Security numbers, driver’s license numbers, and limited medical or health insurance information.
- For individual vendors that were hired by the city, names and Social Security numbers.
- For individuals whose information may have been provided to the Grass Valley Police Department, names and one or more of the following: Social Security numbers, driver’s license numbers, financial account information, payment card information, limited medical or health insurance information, passport numbers, and username and password credentials to an online account.
- For individuals whose information was provided to the Grass Valley Community Development Department in loan application documents, names and one or more of the following: Social Security numbers, driver’s license numbers, financial account numbers, and payment card numbers.
Additional information and their full disclosure can be found at www.cityofgrassvalley.com, or by calling (855) 252-3244 from 6:00 am to 8:00 pm Pacific time, Monday through Friday, and 8:00 am to 5:00 pm Pacific time, Saturday and Sunday, excluding major U.S. holidays.