The city of Cincinnati accidently exposed the personal information for more than 2,000 current and former employees for almost two weeks in April.
The employee data included names, addresses, insurance information and, in some cases, Social Security numbers.
The mistake occurred when the city posted a request for dental and vision insurance providers to submit proposals to cover city employees.
The city officials notified the affected city employees and offered them two years of free credit monitoring and identity theft coverage.
TPRM report: https://scoringcyber.rankiteo.com/company/city-of-cincinnati
"id": "cit22621822",
"linkid": "city-of-cincinnati",
"type": "Breach",
"date": "04/2022",
"severity": "70",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 2000,
'industry': 'Public Administration',
'location': 'Cincinnati, Ohio',
'name': 'City of Cincinnati',
'type': 'Government'}],
'attack_vector': 'Accidental Exposure',
'data_breach': {'number_of_records_exposed': 2000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information']},
'date_detected': 'April',
'description': 'The city of Cincinnati accidentally exposed the personal '
'information for more than 2,000 current and former employees '
'for almost two weeks in April.',
'impact': {'data_compromised': ['names',
'addresses',
'insurance information',
'Social Security numbers'],
'identity_theft_risk': True},
'post_incident_analysis': {'root_causes': 'Accidental exposure during a '
'request for proposals'},
'response': {'communication_strategy': ['Notified affected employees'],
'recovery_measures': ['Offered two years of free credit '
'monitoring and identity theft coverage']},
'title': 'Cincinnati City Employee Data Exposure',
'type': 'Data Exposure'}