City of Tucson discloses data breach affecting over 123,000 people

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 123,000 individuals.

As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.

The threat actors had access to the network between May 17 and May 31 and might have accessed or stolen documents containing the information of 123,513 individuals.

"On May 29, 2022, the City learned of suspicious activity involving a user's network account credential," the data breach notification reads.

"On August 4, 2022, the City learned that certain files may have been copied and taken from the City's network."

The City began notifying potentially impacted individuals on September 23 that, among the sensitive personal information exposed during the incident, the attacker could have accessed the affected individuals' names and Social Security numbers.

"On September 12, this review concluded, and the review determined that the information at issue included certain personal information," the City revealed in a separate announcement on its official website. 

"The information within the potentially accessed files included certain individuals' name, Social Security number, driver's license or state identification number, and passport number."

No evidence of personal information misuse

Notification letters sent to affected individuals also reveal no evidence was found that this personal info has been misused until now.

Those impacted by the data breach are advised to monitor their credit reports for any suspicious activity that could hint at incidents of identity theft and fraud involving their personal information.

The City is providing impacted individuals with 12 months of free access to Experian credit monitoring and identity protection services, as well as guidance on defending against identity theft.

"The City treats the security of information in its possession as an utmost priority and apologizes for any inconvenience this event may cause," the breach notification letters read.

"As part of its ongoing commitment to the security of information within its care, the City reviewing its existing policies and procedures regarding cybersecurity and evaluating additional measures and safeguards to protect against this type of event in the future."