Vallejo City Confirms Email Breach After Fraudulent Tiffany & Co. Phishing Scam
The City of Vallejo disclosed on June 5, 2026, that unauthorized actors compromised its email management platform, Constant Contact, to send a fraudulent phishing email. The malicious message, titled “something awaits,” was distributed at approximately 4 p.m. on June 4 from the city’s official info@cityofvallejo.net address.
Disguised as a communication from luxury jeweler Tiffany & Co., the email contained a link designed to deceive recipients into clicking. Vallejo’s Information Technology Department is investigating the breach to determine the intrusion’s origin and scope. As of the latest update, officials stated there is no evidence of public risk or compromise of personal data stored on Constant Contact. The city is implementing measures to secure the platform.
Recipients were advised to delete the email, with no further action required.
This incident follows a notable 2016 data breach in which Vallejo accidentally exposed employee Social Security numbers in response to a public records request from Transparent California. The city did not notify affected employees until five months later, later providing identity protection services at no cost.
Source: https://johnglidden.com/2026/06/05/city-of-vallejo-confirms-hacking-incident/
Constant Contact TPRM report: https://www.rankiteo.com/company/constant-contact
City of Vallejo TPRM report: https://www.rankiteo.com/company/city-of-vallejo
"id": "concit1780712746",
"linkid": "constant-contact, city-of-vallejo",
"type": "Breach",
"date": "6/2026",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Email recipients',
'industry': 'Public Sector',
'location': 'Vallejo, California, USA',
'name': 'City of Vallejo',
'type': 'Government'}],
'attack_vector': 'Email Compromise',
'customer_advisories': 'Recipients advised to delete the email, no further '
'action required',
'data_breach': {'personally_identifiable_information': 'No evidence of '
'personal data '
'compromise (current '
'incident)'},
'date_detected': '2026-06-04T16:00:00',
'date_publicly_disclosed': '2026-06-05',
'description': 'The City of Vallejo disclosed that unauthorized actors '
'compromised its email management platform, Constant Contact, '
'to send a fraudulent phishing email. The malicious message, '
"titled 'something awaits,' was distributed from the city’s "
'official info@cityofvallejo.net address, disguised as a '
'communication from luxury jeweler Tiffany & Co. The email '
'contained a deceptive link.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'systems_affected': 'Email management platform (Constant Contact)'},
'investigation_status': 'Ongoing',
'motivation': 'Fraud/Deception',
'references': [{'date_accessed': '2026-06-05',
'source': 'City of Vallejo Disclosure'}],
'response': {'communication_strategy': 'Public disclosure, advisory to delete '
'the email',
'containment_measures': 'Investigating the breach, securing the '
'platform'},
'title': 'Vallejo City Email Breach After Fraudulent Tiffany & Co. Phishing '
'Scam',
'type': 'Phishing'}