The California Department of Corrections and Rehabilitation (CDCR) experienced a data breach in August 2022, stemming from unauthorized access to a file-sharing platform that began as early as December 2021. The incident exposed sensitive personal information of inmates and parolees, including full names, CDCR identification numbers, dates of birth, and Social Security numbers. While the breach granted unauthorized parties access to this data, forensic investigations found no evidence that the information was copied, exfiltrated, or misused. The exposed data primarily pertained to individuals within the correctional system, raising concerns about potential identity theft or fraud. However, the lack of confirmed data theft or broader systemic impact limited the immediate fallout. The CDCR took steps to notify affected individuals and enhance security protocols to prevent future incidents, though the breach underscored vulnerabilities in handling sensitive data within government agencies.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-556463
TPRM report: https://www.rankiteo.com/company/california-department-of-corrections-and-rehabilitation
"id": "cal022091825",
"linkid": "california-department-of-corrections-and-rehabilitation",
"type": "Breach",
"date": "12/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Inmates and parolees (number '
'unspecified)',
'industry': 'Public Safety / Corrections',
'location': 'California, USA',
'name': 'California Department of Corrections and '
'Rehabilitation (CDCR)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'No evidence of data being copied',
'personally_identifiable_information': ['names',
'CDCR numbers',
'dates of birth',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personal Information (PII)']},
'date_detected': '2022-08-22',
'date_publicly_disclosed': '2022-08-22',
'description': 'The California Department of Corrections and Rehabilitation '
'(CDCR) reported a data breach on August 22, 2022, involving '
'unauthorized access to a file-sharing platform dating back to '
'December 2021. The breach potentially affected personal '
'information of inmates and parolees, including names, CDCR '
'numbers, dates of birth, and Social Security numbers, but no '
'evidence of data being copied was found.',
'impact': {'data_compromised': ['names',
'CDCR numbers',
'dates of birth',
'Social Security numbers'],
'identity_theft_risk': 'Potential (no evidence of data being '
'copied)',
'systems_affected': ['file-sharing platform']},
'initial_access_broker': {'entry_point': 'File-sharing platform',
'high_value_targets': ['Personal data of inmates '
'and parolees']},
'investigation_status': 'Ongoing (as of disclosure; no evidence of data '
'copying found)',
'response': {'communication_strategy': 'Public disclosure on August 22, 2022'},
'title': 'California Department of Corrections and Rehabilitation (CDCR) Data '
'Breach',
'type': 'Data Breach'}