The security breach was discovered at the end of May 2022 and concluded the investigation in September.
According to the notification letter sample provided to the Maine Attorney General’s Office, over 123,500 were impacted have been impacted by the incident.
“On August 4, 2022, the City learned that certain files may have been copied and taken from the City’s network. Following this discovery, the City undertook a comprehensive review of the information potentially at issue.” reads the data breach notice.”On September 12, this review concluded, and it was determined that certain personal information for a number of individuals was within the files potentially accessed from the City’s network.”
The exposed data include name, Social Security number, driver’s license or state identification number, and passport number.
The City is already notifying the impacted individuals, and it is providing free access to credit monitoring services for one year, through Experian, to them.
The city confirms it has no evidence that the exposed information has been misused.
The city was able to quickly contain and remediate the breach after the identification of the data breach, it also announced the implementation of additional measures to improve its resilience to cyber attacks.
The City is also providing impacted individuals with guidance on how to better protect against fraudulent activities, such as identity theft and fraud.
“The City is providing individuals with information on how to place a fraud alert and security freeze on one’s credit, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.” states the letter.
(SecurityAffairs – hacking, City of Tucson)