City of Roanoke

The City of Roanoke suffered a data breach in July 2023, as reported by the Vermont Office of the Attorney General. Unauthorized access was gained to a server potentially containing employee pension information, including names, Social Security numbers, and addresses. While the data may have been exposed, there is no evidence that it was stolen or misused maliciously. The breach was identified during a routine cybersecurity exercise, suggesting it was not an active, targeted attack but rather an exposure of sensitive internal records. The compromised data primarily pertains to current or former employees, raising concerns about identity theft or financial fraud risks, though no immediate harm has been confirmed. The incident highlights vulnerabilities in the city’s data protection measures, particularly regarding personally identifiable information (PII) tied to municipal workers.

Source: https://ago.vermont.gov/document/2023-07-31-city-roanoke-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/city-of-roanoke-va

"id": "cit006091825",
"linkid": "city-of-roanoke-va",
"type": "Breach",
"date": "7/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Public Administration',
                        'location': 'Roanoke, Virginia, USA',
                        'name': 'City of Roanoke',
                        'type': 'Government (Local)'}],
 'data_breach': {'data_exfiltration': 'no evidence of exfiltration or '
                                      'malicious use',
                 'personally_identifiable_information': ['names',
                                                         'Social Security '
                                                         'numbers',
                                                         'addresses'],
                 'sensitivity_of_data': 'high (includes SSNs)',
                 'type_of_data_compromised': ['personal information',
                                              'employee pension information']},
 'date_detected': '2023-07-31',
 'date_publicly_disclosed': '2023-07-31',
 'description': 'The Vermont Office of the Attorney General reported that the '
                'City of Roanoke experienced a data breach involving '
                'unauthorized access to a server that may have housed employee '
                'pension information. While personal information, including '
                'names, Social Security numbers, and addresses, may have been '
                'exposed, there is no evidence that this information was taken '
                'or used maliciously. The incident was discovered during a '
                'cybersecurity exercise.',
 'impact': {'data_compromised': ['names',
                                 'Social Security numbers',
                                 'addresses',
                                 'employee pension information'],
            'identity_theft_risk': 'potential (no evidence of malicious use)',
            'systems_affected': ['server housing employee pension '
                                 'information']},
 'initial_access_broker': {'high_value_targets': ['employee pension '
                                                  'information']},
 'investigation_status': 'Discovered during a cybersecurity exercise; no '
                         'evidence of malicious use of exposed data',
 'references': [{'date_accessed': '2023-07-31',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'City of Roanoke Data Breach Involving Employee Pension Information',
 'type': 'Data Breach'}