County of San Diego

On December 17, 2015, the County of San Diego experienced an unintentional data breach reported by the California Office of the Attorney General on January 26, 2016. The incident involved the disclosure of sensitive personal information of eight County employees to Wells Fargo. The compromised data included names, addresses, Social Security numbers, and other identifying details, exposing employees to potential identity theft, financial fraud, or targeted phishing attacks. The breach was attributed to an internal error, leading to the unauthorized transfer of confidential records. While the scale of affected individuals was relatively small, the nature of the exposed data particularly Social Security numbers posed significant risks to the impacted employees. The County likely faced reputational damage and potential legal or regulatory scrutiny due to the failure to safeguard employee records. No evidence suggested malicious external hacking, but the incident highlighted vulnerabilities in data-handling protocols within the organization.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-59801

TPRM report: https://www.rankiteo.com/company/county-of-san-diego

"id": "cou1008091725",
"linkid": "county-of-san-diego",
"type": "Breach",
"date": "12/2015",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '8 (employees)',
                        'industry': 'Public Administration',
                        'location': 'San Diego, California, USA',
                        'name': 'County of San Diego',
                        'type': 'Government (County)'}],
 'data_breach': {'data_exfiltration': 'Unintentional disclosure to Wells Fargo',
                 'number_of_records_exposed': '8',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)']},
 'date_detected': '2015-12-17',
 'date_publicly_disclosed': '2016-01-26',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving the County of San Diego on January 26, 2016. '
                'The breach, which occurred on December 17, 2015, resulted in '
                'the unintentional disclosure of personal information of '
                'County employees, including names, addresses, Social Security '
                'numbers, and other identifying information, to Wells Fargo. '
                'Approximately 8 individuals were affected by this incident.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'Social Security numbers',
                                 'other identifying information'],
            'identity_theft_risk': 'High (PII exposed)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'County of San Diego Data Breach (2015)',
 'type': 'Data Breach (Unintentional Disclosure)'}