The Department of Toxic Substances Control (DTSC) experienced a data breach on March 10, 2023, reported publicly on March 23, 2023, due to an email account compromise. The incident exposed sensitive personal information, including names, Social Security Numbers (SSNs), Driver’s License Numbers, and medical records of individuals associated with the DTSC. While the breach involved unauthorized access to an email account, no files were downloaded, suggesting the exposure was limited to data visible within the compromised emails. The compromised information poses a high risk of identity theft, financial fraud, and privacy violations, particularly given the nature of the exposed data (SSNs and medical details). However, since no files were exfiltrated and the breach was contained to email access, the scope of the leak remains constrained to the data visible in the inbox/sent items. The DTSC has not confirmed whether the breach was part of a larger cyberattack (e.g., phishing, credential stuffing) or an isolated incident. The lack of file downloads reduces the likelihood of mass exploitation but does not eliminate risks for affected individuals, who may face targeted scams or misuse of their exposed credentials.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-564680
TPRM report: https://www.rankiteo.com/company/california-environmental-protection-agency
"id": "cal032090625",
"linkid": "california-environmental-protection-agency",
"type": "Breach",
"date": "3/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Environmental Regulation',
'location': 'California, USA',
'name': 'Department of Toxic Substances Control (DTSC)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'No (no files downloaded)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Driver’s License '
'Numbers'],
'sensitivity_of_data': 'High (PII and Medical Data)',
'type_of_data_compromised': ['Personal Information (PII)',
'Medical Information']},
'date_detected': '2023-03-10',
'date_publicly_disclosed': '2023-03-23',
'description': 'The Department of Toxic Substances Control (DTSC) reported a '
'data breach on March 23, 2023, involving an email account '
'compromise that occurred on March 10, 2023. The breach '
'potentially exposed personal information including names, '
'Social Security Numbers, Driver’s License Numbers, and '
'Medical Information of individuals related to DTSC, though no '
'files were downloaded.',
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
'Driver’s License Numbers',
'Medical Information'],
'identity_theft_risk': 'Potential (PII exposed)',
'systems_affected': ['Email Account']},
'title': 'Department of Toxic Substances Control (DTSC) Email Account '
'Compromise',
'type': 'Data Breach (Email Account Compromise)'}