Central Valley Regional Center (“CVRC”) in California has become aware of a data security incident that may have involved the personal and protected health information of some of the individuals it serves.
CVRC is now sending notification letters to the potentially impacted individuals to notify them of this incident and to provide resources to assist them in protecting their information.
On July 29, 2019, CVRC learned that an unauthorised third party may have gained access to an employee’s email account. Once discovered, CVRC disabled access to the account, immediately began an investigation, and engaged a computer forensics firm to determine the scope of the incident.
Based on the results of the investigation and the computer forensic firm’s findings, it was determined that CVRC employee email accounts were subject to unauthorised access on July 25–August 2, 2019. On August 12th, 2019, the investigation first revealed that data containing individuals’ personal information within one or more email accounts may have also been affected.
This information may have included individuals’ names, addresses and contact information, dates of birth, dates of death, social security numbers, driver’s license information, state identification card or other government identification numbers, Medi-Cal numbers, UCI numbers, and/or medical or health information or health insurance information.
For a limited number of individuals, taxpayer identification numbers, financial account or payment card information, PINs or other access codes, account passwords, usernames, email addresses or electronic identifiers and the means to access the related accounts, and/or IRS PINs may have also been affected.
CRVC completed a thorough review of the affected accounts to determine whose personal information may have been impacted by the data incident, and to provide notification to those affected.
CVRC is now providing letters to affected individuals within the coming days to notify them of in the incident. Notification letters will include information about the incident and steps that potentially impacted individuals can take to monitor and protect their personal information.
The post #Privacy: California’s Central Valley Regional Centre suffers data breach appeared first on PrivSec Report.