Chicano Federation of San Diego County

The Chicano Federation of San Diego County experienced a data breach where unauthorized actors gained access to their network between December 9–15, 2024, and an employee email account from December 11, 2024, to February 25, 2025. The incident exposed sensitive personal information, including full names, Social Security numbers, dates of birth, and financial details of affected individuals. The breach was investigated and formally concluded on April 4, 2025. The compromised data suggests a targeted intrusion aimed at harvesting personally identifiable information (PII) and financial records, likely for fraudulent purposes or identity theft. The prolonged access to an employee email account indicates potential phishing or credential theft, enabling deeper infiltration. While the full scope of misuse remains unclear, the exposure of such critical data poses severe risks to victims, including financial fraud, credit damage, and long-term identity exploitation. The organization has not disclosed whether ransomware was involved, but the breach’s focus on PII aligns with patterns seen in cybercriminal operations designed for monetary gain or secondary attacks.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-601333

TPRM report: https://www.rankiteo.com/company/chicano-federation-of-san-diego-county

"id": "chi1018090725",
"linkid": "chicano-federation-of-san-diego-county",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Social Services / Community Development',
                        'location': 'San Diego County, California, USA',
                        'name': 'Chicano Federation of San Diego County',
                        'type': 'Non-profit Organization'}],
 'data_breach': {'personally_identifiable_information': ['full names',
                                                         'Social Security '
                                                         'numbers',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Information']},
 'date_resolved': '2025-04-04',
 'description': 'The Chicano Federation of San Diego County reported a data '
                'breach involving unauthorized access to their network from '
                'December 9, 2024, to December 15, 2024, and to an employee '
                'email account from December 11, 2024, to February 25, 2025. '
                'The breach potentially exposed personal information, '
                'including full names, Social Security numbers, dates of '
                'birth, and financial information.',
 'impact': {'data_compromised': ['full names',
                                 'Social Security numbers',
                                 'dates of birth',
                                 'financial information'],
            'identity_theft_risk': 'High (PII and financial data exposed)',
            'payment_information_risk': 'High (financial information exposed)',
            'systems_affected': ['network', 'employee email account']},
 'investigation_status': 'Concluded (as of 2025-04-04)',
 'title': 'Chicano Federation of San Diego County Data Breach',
 'type': 'Data Breach'}