On March 22, 2024, the California Department of Food and Agriculture (CDFA) disclosed a data breach that occurred on March 7, 2024, exposing Personally Identifiable Information (PII) of users on its extranet site. The compromised data included names, addresses, phone numbers, email addresses, usernames, and passwords. While the breach did not involve financial records, medical data, or highly sensitive government intelligence, the exposure of authentication credentials (usernames/passwords) poses a significant risk of follow-on attacks, such as credential stuffing, phishing, or unauthorized access to other linked accounts. The CDFA acknowledged a vulnerability in its system, which was subsequently patched to prevent further exploitation. The incident highlights weaknesses in access controls and data protection measures, particularly for a government agency handling public and stakeholder information. Though no immediate financial or operational disruptions were reported, the breach undermines public trust and may lead to regulatory scrutiny under data protection laws like CCPA (California Consumer Privacy Act).
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-582925
TPRM report: https://www.rankiteo.com/company/californiadepartmentoffoodandagriculture
"id": "cal042091825",
"linkid": "californiadepartmentoffoodandagriculture",
"type": "Breach",
"date": "3/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Agriculture',
'location': 'California, USA',
'name': 'California Department of Food and Agriculture '
'(CDFA)',
'type': 'Government Agency'}],
'data_breach': {'personally_identifiable_information': ['names',
'addresses',
'phone numbers',
'email addresses',
'usernames',
'passwords'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2024-03-07',
'date_publicly_disclosed': '2024-03-22',
'description': 'The California Department of Food and Agriculture (CDFA) '
'reported a data breach on March 22, 2024, involving an '
'incident that occurred on March 7, 2024. The breach exposed '
'Personally Identifiable Information (PII) including names, '
'addresses, phone numbers, email addresses, and usernames and '
'passwords of users on its extranet site. Steps have been '
'taken to correct the vulnerability to prevent further '
'breaches.',
'impact': {'data_compromised': ['names',
'addresses',
'phone numbers',
'email addresses',
'usernames',
'passwords'],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['extranet site']},
'post_incident_analysis': {'corrective_actions': ['Corrected the '
'vulnerability to prevent '
'further breaches']},
'response': {'incident_response_plan_activated': True,
'remediation_measures': ['Corrected the vulnerability to prevent '
'further breaches']},
'title': 'California Department of Food and Agriculture (CDFA) Data Breach - '
'March 2024',
'type': 'Data Breach'}