On June 14, 2017, the YMCA of San Diego County suffered a data breach due to the inadvertent emailing of an Excel spreadsheet containing highly sensitive personal information of certain employees. The exposed data included names, Social Security numbers, home addresses, dates of birth, phone numbers, salary details, former/maiden names, and disability codes. This incident was reported by the California Office of the Attorney General on July 12, 2017. The breach involved internal employee data, raising significant concerns about identity theft, financial fraud, and privacy violations. The exposed information could be exploited for malicious purposes, such as unauthorized financial transactions, targeted phishing attacks, or even blackmail. The organization faced potential reputational damage and legal repercussions due to the failure to safeguard confidential employee records. The breach underscored vulnerabilities in data handling practices, particularly in email communication and access controls for sensitive files.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-100254
TPRM report: https://www.rankiteo.com/company/ymca-of-san-diego-county
{
  "id": "ymc012091825",
  "linkid": "ymca-of-san-diego-county",
  "type": "Breach",
  "date": "6/2017",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Health & Human Services',
                        'location': 'San Diego County, California, USA',
                        'name': 'YMCA of San Diego County',
                        'type': 'Non-profit Organization'}],
 'attack_vector': 'Human Error (Inadvertent Email)',
 'data_breach': {'data_exfiltration': 'Yes (via inadvertent email)',
                 'file_types_exposed': ['Excel Spreadsheet (.xlsx or .xls)'],
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers',
                                                         'Addresses',
                                                         'Dates of birth',
                                                         'Phone numbers',
                                                         'Former/Maiden names'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Employment Records']},
 'date_detected': '2017-06-14',
 'date_publicly_disclosed': '2017-07-12',
 'description': 'The California Office of the Attorney General reported that '
                'the YMCA of San Diego County experienced a data breach on '
                'June 14, 2017, involving the inadvertent email of an Excel '
                'spreadsheet containing personal information of certain '
                'employees. The compromised information included names, Social '
                'Security numbers, addresses, dates of birth, phone numbers, '
                'salaries, former/maiden names, and disability codes.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security numbers',
                                 'Addresses',
                                 'Dates of birth',
                                 'Phone numbers',
                                 'Salaries',
                                 'Former/Maiden names',
                                 'Disability codes'],
            'identity_theft_risk': 'High (PII exposed)'},
 'post_incident_analysis': {'root_causes': 'Human error (inadvertent email of '
                                           'sensitive spreadsheet)'},
 'references': [{'date_accessed': '2017-07-12',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'law_enforcement_notified': 'Yes (California Office of the '
                                          'Attorney General)'},
 'title': 'YMCA of San Diego County Data Breach (2017)',
 'type': 'Data Breach'}