• Home
  • Breach
  • California Department of Corrections and Rehabilitation
Breach cyber

California Department of Corrections and Rehabilitation

Oct 31, 2017 2 min read
California Department of Corrections and Rehabilitation

The California Department of Corrections and Rehabilitation (CDCR) experienced a data breach at Salinas Valley State Prison, reported on **December 26, 2017**, but discovered earlier on **October 31, 2017**. The incident involved the **improper disposal of confidential documents**, exposing sensitive personal information of prison staff. Specifically, the breach compromised the **names and Social Security numbers (SSNs)** of employees who were working at the facility as of **January 15, 2016**. The mishandling of physical records—likely due to inadequate disposal protocols—led to unauthorized access risks for affected personnel. While the exact number of impacted individuals was not specified in the report, the exposure of SSNs poses severe threats, including **identity theft, financial fraud, and long-term reputational harm** for the employees. The breach highlights systemic vulnerabilities in the CDCR’s data management practices, particularly in securing and disposing of sensitive employee records. No evidence suggested the data was actively exploited by malicious actors, but the **potential for misuse remains high** given the nature of the exposed information. The incident underscores the need for stricter document handling procedures within governmental correctional institutions to prevent similar lapses in the future.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-131611

TPRM report: https://www.rankiteo.com/company/california-department-of-corrections-and-rehabilitation

"id": "cal008091825",
"linkid": "california-department-of-corrections-and-rehabilitation",
"type": "Breach",
"date": "1/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Safety / Corrections',
                        'location': 'California, USA (Salinas Valley State '
                                    'Prison)',
                        'name': 'California Department of Corrections and '
                                'Rehabilitation (CDCR)',
                        'type': 'Government Agency'},
                       {'customers_affected': 'Staff employed as of 2016-01-15 '
                                              '(number not specified)',
                        'industry': 'Public Safety / Corrections',
                        'location': 'Monterey County, California, USA',
                        'name': 'Salinas Valley State Prison',
                        'type': 'Correctional Facility'}],
 'attack_vector': 'Improper Disposal of Physical Documents',
 'customer_advisories': 'Notification to Affected Staff (assumed)',
 'data_breach': {'data_exfiltration': 'No (Physical Documents Improperly '
                                      'Disposed)',
                 'file_types_exposed': ['Physical Paper Records'],
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (SSNs and Names)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2017-10-31',
 'date_publicly_disclosed': '2017-12-26',
 'description': 'The California Department of Corrections and Rehabilitation '
                'reported a data breach involving the inappropriate disposal '
                'of confidential documents at Salinas Valley State Prison. The '
                'breach exposed the names and social security numbers of staff '
                'employed at the prison as of January 15, 2016.',
 'impact': {'brand_reputation_impact': 'Potential Reputation Damage Due to '
                                       'Sensitive Data Exposure',
            'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (Exposed SSNs)'},
 'investigation_status': 'Disclosed (2017-12-26)',
 'post_incident_analysis': {'root_causes': 'Improper Disposal of Confidential '
                                           'Physical Documents'},
 'recommendations': ['Implement Secure Document Destruction Policies for '
                     'Physical Records',
                     'Train Staff on Proper Handling of Sensitive Information',
                     'Conduct Regular Audits of Document Disposal Practices'],
 'references': [{'source': 'California Department of Corrections and '
                           'Rehabilitation (CDCR) Public Statement'}],
 'response': {'communication_strategy': 'Public Disclosure on 2017-12-26',
              'remediation_measures': 'Review and Improvement of Document '
                                      'Disposal Procedures (assumed)'},
 'title': 'California Department of Corrections and Rehabilitation Data Breach '
          '(2017)',
 'type': 'Data Breach (Physical)',
 'vulnerability_exploited': 'Lack of Secure Document Disposal Procedures'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.