Tucson, Arizona

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 123,000 individuals.

As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.

The threat actors had access to the network between May 17 and May 31 and might have accessed or stolen documents containing the information of 123,513 individuals.

Wiz

"On May 29, 2022, the City learned of suspicious activity involving a user's network account credential," the data breach notification reads.

"On August 4, 2022, the City learned that certain files may have been copied and taken from the City's network."

The City began notifying potentially impacted individuals on September 23 that, among the sensitive personal information exposed during the incident, the attacker could have accessed the affected individuals' names and Social Security numbers.

"On September 12, this review concluded, and the review determined that the information at issue included certain personal information," the City revealed in a separate announcement on its official website. 

"The information within the potentially accessed files included certain individuals' name, Social Security number, driver's license or state identification number, and passport number."

No evidence of personal information misuse

Notification letters sent to affected individuals also reveal no evidence was found that this personal info has been misused until now.

Those impacted by the data breach are advised to monitor their credit reports for any suspicious activity that could hint at incidents of identity theft and fraud involving their personal information.

The City is providing impacted individuals with 12 months of free access to Experian credit monitoring and identity protection services, as well as guidance on defending against identity theft.

"The City treats the security of information in its possession as an utmost priority and apologizes for any inconvenience this event may cause," the breach notification letters read.

"As part of its ongoing commitment to the security of information within its care, the City reviewing its existing policies and procedures regarding cybersecurity and evaluating additional measures and safeguards to protect against this type of event in the future."

Update: Corrected title saying 125K+ individuals were affected instead of 123K+.

tines

Automated Pentesting Covers Only 1 of 6 Surfaces.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Related Articles:

HackerOne discloses employee data breach after Navia hack

Ad tech firm Optimizely confirms data breach after vishing attack

CERT-EU: European Commission hack exposes data of 30 EU entities

Medtech giant Stryker fully operational after data-wiping attack

Dutch Finance Ministry takes treasury banking portal offline after breach