The California Department of Corrections and Rehabilitation (CDCR) discovered a potential data breach.
The breach potentially included medical information on everyone who was tested for COVID-19 by the department from June 2020 through January 2022, including staff, visitors, and others.
It did not include COVID testing information for the incarcerated population.
CDCR does not have any collaborating evidence which suggests the data exposed has been compromised or misused.
The department also notified authorities, and began a multi-agency investigation.
Someone or something entered the system without permission but there was no sign that anyone looked at or copied your information.
The information included their name, CDCR number, mental health treatment, mental health history, and mental health diagnosis.
Additionally, information in the Trust, Restitution, Accounting, and Canteen System (TRACS) was also potentially involved.
This information includes records of transactions made to and from trust accounts since 2008, as well as some trust account numbers.
Some of the data included Social Security Numbers, driver’s license numbers, and trust account information.
CDCR immediately shut down the system and initiated a multi-agency law enforcement and forensic investigation in order to conduct a thorough review into the matter.
Source: https://www.cdcr.ca.gov/family-resources/2022/08/22/potential-data-breach-information/
"id": "CAD2327271022",
"linkid": "california-department-of-corrections-and-rehabilitation",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"