The California Department of Corrections and Rehabilitation (CDCR) discovered a potential data breach.
The breach potentially included medical information on everyone who was tested for COVID-19 by the department from June 2020 through January 2022, including staff, visitors, and others.
It did not include COVID testing information for the incarcerated population.
CDCR does not have any collaborating evidence which suggests the data exposed has been compromised or misused.
The department also notified authorities, and began a multi-agency investigation.
Someone or something entered the system without permission but there was no sign that anyone looked at or copied your information.
The information included their name, CDCR number, mental health treatment, mental health history, and mental health diagnosis.
Additionally, information in the Trust, Restitution, Accounting, and Canteen System (TRACS) was also potentially involved.
This information includes records of transactions made to and from trust accounts since 2008, as well as some trust account numbers.
Some of the data included Social Security Numbers, driver’s license numbers, and trust account information.
CDCR immediately shut down the system and initiated a multi-agency law enforcement and forensic investigation in order to conduct a thorough review into the matter.
Source: https://www.cdcr.ca.gov/family-resources/2022/08/22/potential-data-breach-information/
TPRM report: https://scoringcyber.rankiteo.com/company/california-department-of-corrections-and-rehabilitation
"id": "cad2327271022",
"linkid": "california-department-of-corrections-and-rehabilitation",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Corrections and Rehabilitation',
'location': 'California',
'name': 'California Department of Corrections and '
'Rehabilitation',
'type': 'Government Agency'}],
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Medical information',
'Transaction records',
'Trust account numbers',
'Social Security Numbers',
'Driver’s license numbers',
'Names',
'CDCR numbers',
'Mental health treatment',
'Mental health history',
'Mental health diagnosis']},
'description': 'The California Department of Corrections and Rehabilitation '
'(CDCR) discovered a potential data breach involving medical '
'information on everyone who was tested for COVID-19 by the '
'department from June 2020 through January 2022, including '
'staff, visitors, and others. The breach did not include COVID '
'testing information for the incarcerated population. The '
'department also notified authorities and began a multi-agency '
'investigation. The information included names, CDCR numbers, '
'mental health treatment, mental health history, mental health '
'diagnosis, and records of transactions made to and from trust '
'accounts since 2008, as well as some trust account numbers, '
'Social Security Numbers, and driver’s license numbers. CDCR '
'immediately shut down the system and initiated a multi-agency '
'law enforcement and forensic investigation.',
'impact': {'data_compromised': ['Medical information',
'Transaction records',
'Trust account numbers',
'Social Security Numbers',
'Driver’s license numbers',
'Names',
'CDCR numbers',
'Mental health treatment',
'Mental health history',
'Mental health diagnosis'],
'systems_affected': ['Trust, Restitution, Accounting, and Canteen '
'System (TRACS)']},
'investigation_status': 'Ongoing',
'response': {'containment_measures': ['System shutdown'],
'law_enforcement_notified': True},
'title': 'California Department of Corrections and Rehabilitation Data Breach',
'type': 'Data Breach'}