On February X, 2014, the California Environmental Protection Agency (CalRecycle) disclosed a data breach that occurred on January 23, 2014. The incident involved the unauthorized electronic transmission of a Leave Activity and Balances Report to Personnel Liaisons. The exposed report contained sensitive personal information, specifically individuals' names and Social Security Numbers (SSNs). The exact number of affected individuals remains undetermined, raising concerns about potential identity theft or fraud risks. The breach stemmed from an internal mishandling of data, where confidential employee records were inadvertently shared beyond authorized recipients. While no evidence of malicious exploitation was reported, the exposure of SSNs highly valuable for identity fraud poses significant long-term risks to affected employees. The incident highlights vulnerabilities in CalRecycle’s data-sharing protocols and the critical need for stricter access controls to prevent similar leaks in the future.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-44175
TPRM report: https://www.rankiteo.com/company/california-environmental-protection-agency
"id": "cal022091825",
"linkid": "california-environmental-protection-agency",
"type": "Breach",
"date": "1/2014",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unknown (individuals with '
'exposed SSNs)',
'industry': 'Environmental Protection / Waste '
'Management',
'location': 'California, USA',
'name': 'California Department of Resources Recycling '
'and Recovery (CalRecycle)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Yes (sent electronically to '
'unauthorized recipients)',
'file_types_exposed': ['Leave Activity and Balances Report'],
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (SSNs included)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2014-01-23',
'date_publicly_disclosed': '2014-02',
'description': 'The California Environmental Protection Agency reported a '
'data breach at the Department of Resources Recycling and '
'Recovery (CalRecycle) on February 2014. The breach occurred '
'on January 23, 2014, when a Leave Activity and Balances '
"Report containing individuals' names and Social Security "
'Numbers was sent electronically to Personnel Liaisons. The '
'number of affected individuals is unknown.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (SSNs exposed)'},
'title': 'CalRecycle Data Breach (2014)',
'type': 'Data Breach'}