"Cyber-Thieves Raid Grass Valley"
A cyberattack on a city in California has resulted in the exfiltration of personal and financial data belonging to vendors, city employees, and their spouses. A notice published by Grass Valley states that an unknown attacker was able to access some of the city’s IT systems for four months last year. The city said that the attacker exploited the unauthorized access they enjoyed between April 13 and July 1, 2021, to steal data belonging to an unspecified number of individuals. Victims affected by the data breach include Grass Valley employees, former employees, spouses, dependents, and individual vendors hired by the city. Other victims include individuals whose information may have been provided to the Grass Valley Police Department and individuals whose information was provided to the Grass Valley Community Development Department in loan application documents. The information exposed during the attack was found to include social security numbers, driver’s license numbers, vendor names, and limited medical or health insurance information. For individuals whose information may have been provided to the Grass Valley Police Department, the impacted data included the name and one or more of the following: social security number, driver’s license number, financial account information, payment card information, limited medical or health insurance information, passport number and username and password credentials to an online account. Individuals who had applied for a community development loan may have had names and social security numbers, driver’s license numbers, financial account numbers, and payment card numbers compromised. Grass Valley started notifying victims of the data breach on January 7, 2022.