On January 26, 2023, the California Office of the Attorney General disclosed a data breach affecting the Air Resources Board (CARB), stemming from a data processing error on January 3, 2023. The incident led to the unintentional exposure of sensitive information belonging to 56,167 TRUCRS (Truck Regulation Upload, Compliance, and Reporting System) account holders. Compromised data included contact names, titles, mailing addresses, usernames, and TRUCRS IDs though no financial, password, or highly sensitive personal details (e.g., Social Security numbers) were disclosed.The breach was attributed to a systemic misconfiguration during data handling, rather than a targeted cyberattack or malicious intrusion. CARB notified affected individuals and implemented corrective measures to prevent recurrence, including a review of data processing protocols. While the exposed information could potentially facilitate phishing or identity-based fraud, there was no evidence of exploitation at the time of reporting. The incident underscored vulnerabilities in governmental data management systems, particularly those handling large-scale regulatory compliance platforms like TRUCRS.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-562283
TPRM report: https://www.rankiteo.com/company/california-air-resources-board
"id": "cal549091725",
"linkid": "california-air-resources-board",
"type": "Breach",
"date": "1/2023",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '56,167',
'industry': 'Environmental Regulation',
'location': 'California, USA',
'name': 'California Air Resources Board (CARB)',
'type': 'Government Agency'}],
'data_breach': {'number_of_records_exposed': '56,167',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate',
'type_of_data_compromised': ['contact name',
'contact title',
'mailing address',
'username',
'TRUCRS ID']},
'date_detected': '2023-01-26',
'date_publicly_disclosed': '2023-01-26',
'description': 'The California Office of the Attorney General reported a data '
'breach involving the Air Resources Board (CARB) on January '
'26, 2023. The breach occurred on January 3, 2023, due to a '
'data processing error that resulted in the accidental '
'dissemination of information related to up to 56,167 TRUCRS '
'account holders, including contact name, contact title, '
'mailing address, username, and TRUCRS ID.',
'impact': {'data_compromised': ['contact name',
'contact title',
'mailing address',
'username',
'TRUCRS ID']},
'post_incident_analysis': {'root_causes': 'Data processing error leading to '
'accidental dissemination of '
'account holder information'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'title': 'California Air Resources Board (CARB) Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Data processing error'}