Cyberattackers have hit the city of Grass Valley in California, exfiltrating personal and financial data belonging to vendors, city employees, and their spouses. The City of Grass Valley released a data security notice acknowledging that an unknown actor was able to access some of the city’s internal systems for a span of four months in 2021. The city reported that the unauthorized access occurred between April and July of 2021. It is unclear how many individuals were impacted in the attack, however, the Grass Valley Police Department and Grass Valley Community Development Department were also impacted. Grass Valley stated that individuals whose information was provided to the police department and loan applications may have been exfiltrated by the attacker.
Grass Valley did not indicate the date in which it became aware of the attack, however, it does confirm that the city took immediate action to secure its network and launched an investigation alongside a cybersecurity firm. A review of which files had been accessed by the threat actor was concluded on December 1. The investigation found that personal information such as social security numbers, driver’s license numbers, health insurance information, and vendor names were exposed. Individuals who provided information to the police department saw social security numbers, drivers license numbers, payment card information, passport number, financial account information, and other sensitive data compromised.
Read More: Cyber-Thieves Raid Grass Valley