The California Office of the Attorney General disclosed a ransomware attack targeting Catholic Charities, Diocese of San Diego, discovered on March 30, 2020, with unauthorized access occurring between March 27 and March 30, 2020. The breach compromised highly sensitive personal data, including names, Social Security numbers, and medical information of affected individuals. Ransomware attacks typically encrypt critical systems, demanding payment for decryption, while simultaneously exfiltrating data for leverage or sale. In this case, the exposure of medical records and SSNs, both high-value targets for identity theft, fraud, and blackmail, poses severe long-term risks to victims, including financial harm, reputational damage, and potential healthcare fraud. The incident underscores the vulnerability of nonprofit and faith-based organizations, which often lack robust cybersecurity defenses despite handling vast amounts of sensitive data. The attack’s timing and the nature of the stolen data suggest a deliberate effort to maximize disruption and profit, aligning with trends where threat actors exploit sectors perceived as less prepared for sophisticated cyber threats.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190468
TPRM report: https://www.rankiteo.com/company/catholic-charities-diocese-of-san-diego
"id": "cat303082925",
"linkid": "catholic-charities-diocese-of-san-diego",
"type": "Ransomware",
"date": "3/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'social services / religious',
                        'location': 'San Diego, California, USA',
                        'name': 'Catholic Charities, Diocese of San Diego',
                        'type': 'non-profit organization'}],
 'data_breach': {'personally_identifiable_information': ['names',
                                                         'social security numbers'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personal information',
                                              'protected health information (PHI)']},
 'date_detected': '2020-03-30',
 'date_publicly_disclosed': '2020-05-29',
 'description': 'The California Office of the Attorney General reported a data breach involving Catholic Charities, Diocese of San Diego, on May 29, 2020. The breach, identified as a ransomware attack, was discovered on March 30, 2020, after unauthorized access presumably occurred between March 27 and March 30, 2020, affecting various personal information types, including names, social security numbers, and medical information.',
 'impact': {'data_compromised': ['names',
                                 'social security numbers',
                                 'medical information'],
            'identity_theft_risk': 'high'},
 'ransomware': {'data_encryption': 'likely (implied by ransomware attack)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['California Consumer Privacy Act (CCPA)',
                                                    'Health Insurance Portability and Accountability Act (HIPAA)'],
                           'regulatory_notifications': ['California Office of the Attorney General']},
 'title': 'Data Breach at Catholic Charities, Diocese of San Diego',
 'type': 'ransomware attack'}