California Department of Health Care Services Company CyberSecurity Posture
linktr.ee
The California Department of Health Care Services (DHCS) is the backbone of California’s health care safety net, helping millions of low-income and disabled Californians every day. The department is dedicated to providing Californians with access to affordable, high-quality health care, including medical, dental, mental health, substance use disorder services, and long-term care services. DHCS is a dynamic department with ambitious goals and a talented, committed staff. We work hard each day to fulfill our vital responsibility to support the delivery of quality health care to Californians. Our department constantly seeks highly-qualified candidates. Visit our website for more career opportunity resources: https://www.dhcs.ca.gov/services/admin/jobs/Pages/default.aspx For additional information regarding examinations and how to obtain a job in State service, please visit: www.jobs.ca.gov
Company Details
california-department-of-health-care-services
2,330
34,278
92
linktr.ee
0
CAL_1538968
In-progress
CDHCS Risk Score (AI oriented)Between 700 and 749
CDHCS Global Score (TPRM)XXXX
Description: The California Department of Motor Vehicles (CA DMV) reported a data breach on November 6, 2015, involving an erroneous disclosure of personal information on September 28, 2015. The breach affected the Riverside Probation Department and involved the accidental transmission of names, dates of birth, physical descriptions, and driver license numbers, but did not include Social Security Numbers.
Description: Seven government agencies now have access to some drivers' Social Security numbers thanks to a data breach at the California Department of Motor Vehicles. According to the organisation, the breach had an impact on 3,200 people for at least the previous four years. The DMV says that it was not hacked and that no private persons or organisations received the information. According to the DMV, steps were taken right away to fix the access issue and make sure that no further private information was leaked.
Description: On May 11, 2021, the California Department of State Hospitals reported a data breach involving improper access to personal information. The breach, discovered on April 13, 2021, affected 1,415 patient names, COVID-19 test results, and health information, as well as the personal information of approximately 1,735 employees and job applicants. Details about the specific method of breach are not provided.
Description: The California Department of State Hospitals reported a data breach on April 5, 2021, involving improper access to personal information of approximately 1,735 employees and former employees, as well as 1,217 job applicants. The breach was discovered during an investigation initiated on February 25, 2021, with no evidence of misuse of the compromised information.
Description: The California Department of State Hospitals reported a data breach on May 24, 2013, involving the unauthorized disclosure of Social Security Numbers and other personal information of employees due to a security incident on May 8, 2013. The information was available on the intranet for approximately 6 hours, affecting an unknown number of individuals. The breach was made public through a notification letter, which provided recommendations for identity theft protection.
Description: The California Department of State Hospitals – Coalinga reported a data breach on September 3, 2021. The breach involved unauthorized disclosure of patient information to the United States District Court, which occurred on or around August 12, 2021. The specific types of compromised information included names, case numbers, birth dates, legal commitments, admission dates, unit numbers, and genders of patients, but did not include Social Security numbers or financial account numbers.
Description: The California Office of the Attorney General reported a data breach involving the Department of State Hospitals (DSH) on February 28, 2024. The breach, discovered on February 15, 2024, involved the unauthorized dissemination of Leave and Activity Balance reports containing confidential information, including full social security numbers and names. Approximately 1,000 individuals were affected by this incident.
Description: The California Department of State Hospitals experienced a data breach in early 2021, where unauthorized access to sensitive information was detected on **February 25, 2021**, though the breach spanned from **November 6, 2020, to February 5, 2021**. The incident compromised the data of **1,415 patients and 617 employees**, exposing **COVID-19 test results and health-related details**. However, no **Social Security numbers or financial information** were accessed. The breach involved improper access to both **patient and employee records**, raising concerns over privacy violations and potential misuse of medical data. While the exact method of unauthorized access was not disclosed, the exposure of health information—even without financial identifiers—poses risks of identity profiling, targeted phishing, or reputational harm to the affected individuals and the institution. The department took steps to investigate and mitigate the breach, though the long-term consequences for those impacted remain uncertain.
Description: The California Department of Child Support Services reported a potential disclosure of personal information on May 6, 2014. The breach occurred on April 7, 2014, when letters from the Solano County Department of Child Support Services were misplaced during transport. The exact number of individuals affected is unknown, and the types of information compromised are not specified.
Description: The California Department of Child Support Services reported a data breach on January 14, 2025, involving the inadvertent emailing of personal information to a personal email account. The breach affected individuals' first names, last names, dates of birth, addresses, driver’s license numbers, and social security numbers. This incident highlights the vulnerability of sensitive personal data and the potential consequences of such breaches on individuals' privacy and security.
Description: The California Office of the Attorney General reported a data breach involving the California Department of Child Support Services (DCSS) on September 13, 2022. The breach occurred on or around March 8, 2022, when an employee sent an email to their personal account containing personal information, including individuals' names, IRS Tax Intercept amounts, and IRS collection sources. The total number of affected individuals is currently unknown.
Description: On March 29, 2012, the California Department of Child Support Services reported a data breach involving missing storage devices that potentially contained personal information of parents, caregivers, and children. The breach occurred on March 12, 2012, and involved personal information such as names, addresses, Social Security numbers, and health insurance details. The agency is working with International Business Machines (IBM) and Iron Mountain Inc. to locate the missing devices.
Description: The Finance Department for the state of California was a recent target of Lockbit, the notorious Russian-linked ransomware group. The group allegedly posted on the dark web to threaten them that if the ransom demands aren’t met by December 24, they will leak the stolen data. The hackers also published online the number of directories and files that contained over 246,000 files and over 114,000 folders totalling 75.3GB of data, as displayed in the properties dialogue. However, an initial access broker (IAB) was offering a way past the department’s cyber defences for $30,000 per breached server.
Description: The California Department of Health Care Services (DHCS) reported a data breach involving the erroneous mailing of Beneficiary Identification Cards (BIC) due to a computer programming error. The breach occurred between December 10 and December 18, 2012, potentially affecting an unknown number of individuals, with exposed information including names, Client Index Numbers, dates of birth, and genders. Affected parties were informed on December 21, 2012, and a new card was to be issued by January 1, 2013.
Description: The California Department of Health Care Services (DHCS) reported a privacy incident on December 5, 2012, involving the exposure of Social Security numbers (SSNs) of In-Home Supportive Services (IHSS) providers. The breach occurred on November 5, 2012, when lists of Medi-Cal providers were posted online, inadvertently including an SSN in a non-standard format. The number of affected individuals is unknown.
Description: The California Department of Health Care Services (DHCS) reported a data breach on March 20, 2023, related to a security incident involving a subcontractor, Advanced Image Direct (AID), that occurred on January 12, 2023. The breach potentially exposed personal information, including names, addresses, county case numbers, dates of birth, and the last four digits of Social Security Numbers (SSNs). Approximately 1,500 individuals are reported to have been affected.
Description: The California Department of Justice experienced a data breach on **June 27, 2022**, involving the unauthorized disclosure of sensitive personal information. The incident primarily affected approximately **100 individuals** holding **concealed carry weapons (CCW) permits**. The exposed data included **names, dates of birth, residential addresses, and CCW license numbers**—information that, if misused, could pose significant privacy and security risks to the affected individuals. The breach raises concerns about potential **identity theft, targeted harassment, or physical safety threats** for permit holders, given the sensitive nature of the leaked data. While the exact cause of the breach (e.g., insider threat, system vulnerability, or external cyberattack) was not specified in the report, the exposure of such regulated information underscores critical lapses in data protection protocols within a **government law enforcement agency**. The incident highlights the broader implications of **mishandling firearm-related records**, which are subject to strict confidentiality laws in many jurisdictions. The breach not only erodes public trust in the agency’s ability to safeguard sensitive data but also may lead to **legal repercussions, reputational damage, and heightened scrutiny** over its cybersecurity practices.
Description: The California Department of Justice reported on May 11, 2012, that hackers affiliated with Anonymous accessed private email accounts of a retired agent from the Computer and Technology Crime High-Tech Response Team (CATCH) in November 2011. The breach potentially exposed personal information, including names and financial account information, although the exact number of individuals affected and specific details regarding the breach are unknown.
Description: The California Department of Public Health reported a data breach on May 8, 2012, involving the theft of a survey binder containing personal and medical information after it was left in an unattended vehicle. Approximately 1 individual was affected, and the compromised information included name, date of birth, age, medications, room number, and medical record number.
Description: The California Department of Public Health (CDPH) reported a data breach on May 8, 2013, involving a roll of microfiche containing approximately 2,000 birth records from 1974 found at an unsecure non-State location. The affected records include names, addresses, Social Security numbers, and some medical information, potentially impacting around 6,000 individuals born in specific months and counties in California.
Description: The California Department of Public Health reported a data breach involving the Women, Infants, and Children (WIC) Program on September 26, 2013. The breach occurred on August 20, 2013, when a Madera County WIC employee mistakenly disclosed personal and medical information, including names and expected delivery dates, to another participant. The number of individuals affected is unknown.
Description: The sensitive medical information of citizens of California was exposed by a misconfigured database managed by the California Department of Public Health. The misconfiguration resulted from an error made by a third-party contractor and led to the breach of names, dates of birth, addresses, and Covid-19-related health information of the citizens. The department set up a dedicated call center to help out the people of California affected by the breach.
Description: On May 23, 2018, the California Department of Public Health (CDPH) reported a data breach that occurred on March 12, 2018, involving the theft of documents and a laptop from a contractor's vehicle. This incident potentially exposed personal and health information such as names, Social Security numbers, and health insurance information. The breach highlights the vulnerability of sensitive data when handled by third-party contractors and the importance of robust security measures to protect personal information.
Description: On January 9, 2019, the California Department of Rehabilitation suffered a data breach involving an exposed spreadsheet containing sensitive employee information. The compromised data included employee names and Social Security numbers, affecting approximately 12 individuals. The breach was reported to the California Office of the Attorney General on January 25, 2019. In response, the Department took corrective action by offering credit monitoring services to the impacted employees to mitigate potential risks such as identity theft or financial fraud. The incident highlighted vulnerabilities in the handling of personally identifiable information (PII) within the organization, raising concerns about internal data protection protocols and the safeguarding of employee records against unauthorized access or disclosure.
Description: The California Office of the Attorney General reported a data breach involving the Department of Rehabilitation on December 7, 2017. The breach occurred on November 22, 2017, when a file containing personal information, specifically names and social security numbers, was inadvertently emailed without encryption to an outside entity. The number of individuals affected is currently unknown.
Description: The California Department of Social Services (CDSS) reported a data breach involving the unauthorized release of personal information on July 17, 2014. The breach, which occurred on July 16, 2014, involved accidentally discarded confidential documents that may have contained names, mailing addresses, dates of birth, and Social Security numbers. The number of individuals affected is currently unknown.
Description: The California Department of Social Services reported a data breach on February 16, 2023, involving an incident that occurred on January 6, 2023. An employee emailed a document containing personal information, including names and Social Security numbers, to a personal account. The breach potentially affected an unspecified number of individuals. Corrective actions have been implemented to minimize future risks.
Description: On August 19, 2022, the California Department of Social Services (CDSS) reported a data breach that occurred on August 11, 2022. An email containing personal information, including names and Social Security numbers (SSN), was sent to unauthorized individuals. The total number of individuals affected is currently unknown.
Description: The California Department of Social Services (CDSS) reported a data breach involving the Sun Bucks Program on October 3, 2024. The breach, which involved unauthorized access to case information in the ebtEDGE Web Admin platform, was discovered on July 19, 2024, and affected personal information including children's names, addresses, dates of birth, card numbers, and EBT account numbers. The number of individuals affected is not specified.
Description: On **May 1, 2012**, the **California Department of Social Services (CDSS)** experienced a **security breach** involving the **In Home Supportive Services (IHSS) program**. The incident occurred during the transit of a package containing **personal information**, which was found **damaged** upon arrival, with some contents confirmed as **missing**. The exact number of affected individuals and the specific types of compromised data (e.g., names, Social Security numbers, medical records, or financial details) remain **undisclosed**.The breach highlights a **physical security failure** in safeguarding sensitive data during transportation, exposing participants of the IHSS program—who often include vulnerable populations such as elderly or disabled individuals—to potential risks like **identity theft, fraud, or unauthorized access to personal details**. While no evidence of malicious exploitation was reported, the **unknown scope of the leak** and the **sensitive nature of the program’s data** raise concerns about long-term repercussions for those impacted. The incident underscores the need for stricter **data handling protocols**, especially for government agencies managing high-risk personal information.
No incidents recorded for California Department of Health Care Services in 2025.
No incidents recorded for California Department of Health Care Services in 2025.
No incidents recorded for California Department of Health Care Services in 2025.
CDHCS cyber incidents detection timeline including parent company and subsidiaries
The California Department of Health Care Services (DHCS) is the backbone of California’s health care safety net, helping millions of low-income and disabled Californians every day. The department is dedicated to providing Californians with access to affordable, high-quality health care, including medical, dental, mental health, substance use disorder services, and long-term care services. DHCS is a dynamic department with ambitious goals and a talented, committed staff. We work hard each day to fulfill our vital responsibility to support the delivery of quality health care to Californians. Our department constantly seeks highly-qualified candidates. Visit our website for more career opportunity resources: https://www.dhcs.ca.gov/services/admin/jobs/Pages/default.aspx For additional information regarding examinations and how to obtain a job in State service, please visit: www.jobs.ca.gov
With a workforce of 30,000 people, and opportunities in 1,000 different job categories, the City of Philadelphia is one of the largest employers in Southeastern Pennsylvania. As an employer, we operate through the guiding principles of service, integrity, respect, accountability, collaboration, dive
Working for Switzerland Seven departments, the Federal Chancellery and around 70 administrative units make up the Federal Administration. With around 38,000 employees, it is one of the largest employers in Switzerland. People from all regions of the country work in the Federal Administration un
INSTITUTO DE SEGURIDAD Y SERVICIOS SOCIALES DE LOS TRABAJADORES DEL ESTADO. ES UN ORGANISMOS PÚBLICO QUE OTORGA SERVICIOS DE SALUD, PENSIONES, VIVIENDA, PRÉSTAMOS, ESTANCIAS INFANTILES, TURISMO, CULTURA, RECREACION, DEPORTE; CUYOS AFILIADOS SON TRABAJADORES DE DEPENDENCIAS GUBERNAMENTALES, CON DERE
The United States Department of Agriculture is the United States federal executive department responsible for developing and executing U.S. federal government policy on farming, agriculture, and food. It aims to meet the needs of farmers and ranchers, promote agricultural trade and production, work
Welcome to the official WA Government page where you can stay up to date on the latest information about Western Australia and WA government initiatives. Questions relating to a specific activity within the WA Government should be referred to the relevant Department or Minister’s Office for a re
The City of Los Angeles employs more than 45,000 people in a wide range of careers. Visit our website for information on current openings, including regular civil service positions, exempt and emergency appointment opportunities, in addition to internships! The City of Los Angeles is a Mayor-Counci
Travailler dans la fonction publique du Québec, c'est plus qu'une carrière! Réparti(e)s dans une vingtaine de ministères et une soixantaine d'organismes à travers le Québec, tous les gestes posés par les employé(e)s de la fonction publique façonnent l’avenir de la société et contribuent à améliorer
Maryland is on the path to becoming the best state in the nation. Referred to as “America in Miniature”, Maryland embodies the very spirit of the United States. Maryland is home to ethnic groups of every origin, just about every natural feature, and much like our country, opportunity! If you are
The OFFICIAL careers page for the South Australian Government. The South Australian Public Sector is the State's largest workforce. We are an employer of choice that reflects the diverse community we serve. Our people are from a range of backgrounds and vocations, from entry level, mid-career and
.png)
Since it was created in 2018, the federal government's cybersecurity agency has helped warn state and local election officials about...
Our commitment to audit quality. At EY US, we are bringing our bold vision for the future of audit to life with quality at the center,...
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS)...
Cyber resiliency analyst Jonathon Guthrie unspools 150 feet of ethernet cable across a lawn on the campus of the University of California...
On September 23, 2025, the California Office of Administrative Law (OAL) approved regulations under the California Consumer Privacy Act...
October is National Cybersecurity Awareness Month, and a great reminder for everyone to participate in growing security awareness!
GREENWIRE | SACRAMENTO, California — California will halve its production of steelhead trout and chinook salmon at a major fish hatchery...
The governor fired the top California cybersecurity official. He says the people who oversaw him were unqualified.
In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act which created a...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of California Department of Health Care Services is https://linktr.ee/DHCS_CA.
According to Rankiteo, California Department of Health Care Services’s AI-generated cybersecurity score is 717, reflecting their Moderate security posture.
According to Rankiteo, California Department of Health Care Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, California Department of Health Care Services is not certified under SOC 2 Type 1.
According to Rankiteo, California Department of Health Care Services does not hold a SOC 2 Type 2 certification.
According to Rankiteo, California Department of Health Care Services is not listed as GDPR compliant.
According to Rankiteo, California Department of Health Care Services does not currently maintain PCI DSS compliance.
According to Rankiteo, California Department of Health Care Services is not compliant with HIPAA regulations.
According to Rankiteo,California Department of Health Care Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
California Department of Health Care Services operates primarily in the Government Administration industry.
California Department of Health Care Services employs approximately 2,330 people worldwide.
California Department of Health Care Services presently has no subsidiaries across any sectors.
California Department of Health Care Services’s official LinkedIn profile has approximately 34,278 followers.
California Department of Health Care Services is classified under the NAICS code 92, which corresponds to Public Administration.
No, California Department of Health Care Services does not have a profile on Crunchbase.
Yes, California Department of Health Care Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/california-department-of-health-care-services.
As of December 12, 2025, Rankiteo reports that California Department of Health Care Services has experienced 30 cybersecurity incidents.
California Department of Health Care Services has an estimated 11,522 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Ransomware and Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an recovery measures with dedicated call center set up to help affected individuals, and containment measures with steps were taken right away to fix the access issue, and remediation measures with corrective actions implemented, and remediation measures with issuing new beneficiary identification cards, and communication strategy with informing affected parties, and third party assistance with international business machines (ibm), third party assistance with iron mountain inc., and communication strategy with notification letter with recommendations for identity theft protection, and recovery measures with credit monitoring services offered to affected individuals, and communication strategy with public disclosure on 2012-05-11, and communication strategy with public disclosure on march 17, 2021..
Title: California Department of Public Health Data Breach
Description: The sensitive medical information of citizens of California was exposed by a misconfigured database managed by the California Department of Public Health. The misconfiguration resulted from an error made by a third-party contractor and led to the breach of names, dates of birth, addresses, and Covid-19-related health information of the citizens. The department set up a dedicated call center to help out the people of California affected by the breach.
Type: Data Breach
Attack Vector: Misconfigured Database
Vulnerability Exploited: Error by a third-party contractor
Title: Ransomware Attack on California Finance Department
Description: The Finance Department for the state of California was targeted by Lockbit, a Russian-linked ransomware group. The group threatened to leak stolen data if ransom demands weren't met by December 24. The hackers published details of the stolen data, including 246,000 files and 114,000 folders totaling 75.3GB. An initial access broker was offering access to the department's cyber defenses for $30,000 per breached server.
Type: Ransomware
Threat Actor: Lockbit
Motivation: Financial
Title: California DMV Data Breach
Description: Seven government agencies now have access to some drivers' Social Security numbers thanks to a data breach at the California Department of Motor Vehicles.
Type: Data Breach
Title: California Department of Social Services Data Breach
Description: A document containing personal information, including names and Social Security numbers, was emailed to a personal account by an employee.
Date Detected: 2023-02-16
Date Publicly Disclosed: 2023-02-16
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Threat Actor: Internal Employee
Motivation: Accidental
Title: California Department of Social Services Data Breach
Description: The California Department of Social Services (CDSS) reported a data breach involving unauthorized release of personal information on July 17, 2014. The breach, which occurred on July 16, 2014, involved accidentally discarded confidential documents that may have contained names, mailing addresses, dates of birth, and Social Security numbers. The number of individuals affected is currently unknown.
Date Detected: 2014-07-17
Date Publicly Disclosed: 2014-07-17
Type: Data Breach
Attack Vector: Accidental Discard of Confidential Documents
Title: CA DMV Data Breach
Description: The California Department of Motor Vehicles (CA DMV) reported a data breach on November 6, 2015, involving an erroneous disclosure of personal information on September 28, 2015. The breach affected the Riverside Probation Department and involved the accidental transmission of names, dates of birth, physical descriptions, and driver license numbers, but did not include Social Security Numbers.
Date Detected: 2015-11-06
Date Publicly Disclosed: 2015-11-06
Type: Data Breach
Attack Vector: Erroneous Disclosure
Title: California DHCS Data Breach
Description: The California Department of Health Care Services (DHCS) reported a data breach involving the erroneous mailing of Beneficiary Identification Cards (BIC) due to a computer programming error.
Date Detected: 2012-12-21
Date Resolved: 2013-01-01
Type: Data Breach
Attack Vector: Computer Programming Error
Vulnerability Exploited: Computer Programming Error
Title: California Department of Child Support Services Data Breach
Description: The California Department of Child Support Services reported a data breach involving missing storage devices that potentially contained personal information of parents, caregivers, and children.
Date Detected: 2012-03-29
Type: Data Breach
Attack Vector: Physical Theft/Loss
Title: Data Breach at California Department of Child Support Services
Description: An employee sent an email to their personal account containing personal information, including individuals' names, IRS Tax Intercept amounts, and IRS collection sources.
Date Detected: 2022-09-13
Date Publicly Disclosed: 2022-09-13
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Threat Actor: Internal Employee
Title: Data Breach at California Department of Public Health
Description: Theft of documents and a laptop from a contractor's vehicle, potentially exposing personal and health information.
Date Detected: 2018-05-23
Date Publicly Disclosed: 2018-05-23
Type: Data Breach
Attack Vector: Physical Theft
Title: California Department of Justice Email Breach
Description: Hackers affiliated with Anonymous accessed private email accounts of a retired agent from the Computer and Technology Crime High-Tech Response Team (CATCH) in November 2011.
Date Detected: 2011-11-01
Date Publicly Disclosed: 2012-05-11
Type: Data Breach
Attack Vector: Email Compromise
Threat Actor: Anonymous
Title: Data Breach at California Department of Health Care Services
Description: The California Department of Health Care Services (DHCS) reported a data breach on March 20, 2023, related to a security incident involving a subcontractor, Advanced Image Direct (AID), that occurred on January 12, 2023. The breach potentially exposed personal information, including names, addresses, county case numbers, dates of birth, and the last four digits of Social Security Numbers (SSNs). Approximately 1,500 individuals are reported to have been affected.
Date Detected: 2023-01-12
Date Publicly Disclosed: 2023-03-20
Type: Data Breach
Title: Data Breach at California Department of Rehabilitation
Description: The California Office of the Attorney General reported a data breach involving the Department of Rehabilitation on December 7, 2017. The breach occurred on November 22, 2017, when a file containing personal information, specifically names and social security numbers, was inadvertently emailed without encryption to an outside entity. The number of individuals affected is currently unknown.
Date Detected: 2017-11-22
Date Publicly Disclosed: 2017-12-07
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Unencrypted Email
Title: California Department of Social Services Data Breach
Description: The California Department of Social Services (CDSS) reported a data breach involving the Sun Bucks Program on October 3, 2024. The breach, which involved unauthorized access to case information in the ebtEDGE Web Admin platform, was discovered on July 19, 2024, and affected personal information including children's names, addresses, dates of birth, card numbers, and EBT account numbers. The number of individuals affected is not specified.
Date Detected: 2024-07-19
Date Publicly Disclosed: 2024-10-03
Type: Data Breach
Attack Vector: Unauthorized Access
Title: California Department of State Hospitals Data Breach
Description: A data breach involving improper access to personal information was reported by the California Department of State Hospitals.
Date Detected: 2021-04-13
Date Publicly Disclosed: 2021-05-11
Type: Data Breach
Title: California Department of State Hospitals Data Breach
Description: Unauthorized disclosure of Social Security Numbers and other personal information of employees due to a security incident.
Date Detected: 2013-05-08
Date Publicly Disclosed: 2013-05-24
Type: Data Breach
Title: California DHCS Privacy Incident
Description: The California Department of Health Care Services (DHCS) reported a privacy incident on December 5, 2012, involving the exposure of Social Security numbers (SSNs) of In-Home Supportive Services (IHSS) providers. The breach occurred on November 5, 2012, when lists of Medi-Cal providers were posted online, inadvertently including an SSN in a non-standard format. The number of affected individuals is unknown.
Date Detected: 2012-11-05
Date Publicly Disclosed: 2012-12-05
Type: Data Breach
Attack Vector: Inadvertent Exposure
Vulnerability Exploited: Data Handling Error
Title: California Department of Public Health Data Breach
Description: The California Department of Public Health (CDPH) reported a data breach on May 8, 2013, involving a roll of microfiche containing approximately 2,000 birth records from 1974 found at an unsecure non-State location. The affected records include names, addresses, Social Security numbers, and some medical information, potentially impacting around 6,000 individuals born in specific months and counties in California.
Date Detected: 2013-05-08
Date Publicly Disclosed: 2013-05-08
Type: Data Breach
Title: California Department of Social Services Data Breach
Description: An email containing personal information, including names and Social Security numbers (SSN), was sent to unauthorized individuals.
Date Detected: 2022-08-19
Date Publicly Disclosed: 2022-08-19
Type: Data Breach
Attack Vector: Email
Title: California Department of Public Health Data Breach
Description: The California Department of Public Health reported a data breach involving the theft of a survey binder containing personal and medical information after it was left in an unattended vehicle.
Date Detected: 2012-05-08
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Unattended Vehicle
Title: Potential Disclosure of Personal Information by California Department of Child Support Services
Description: The California Department of Child Support Services reported a potential disclosure of personal information on May 6, 2014. The breach occurred on April 7, 2014, when letters from the Solano County Department of Child Support Services were misplaced during transport. The exact number of individuals affected is unknown, and the types of information compromised are not specified.
Date Detected: 2014-05-06
Date Publicly Disclosed: 2014-05-06
Type: Data Breach
Attack Vector: Physical Theft/Loss
Title: Data Breach at Department of State Hospitals
Description: The California Office of the Attorney General reported a data breach involving the Department of State Hospitals (DSH) on February 28, 2024. The breach, discovered on February 15, 2024, involved the unauthorized dissemination of Leave and Activity Balance reports containing confidential information, including full social security numbers and names. Approximately 1,000 individuals were affected by this incident.
Date Detected: 2024-02-15
Date Publicly Disclosed: 2024-02-28
Type: Data Breach
Attack Vector: Unauthorized Dissemination
Title: California Department of State Hospitals – Coalinga Data Breach
Description: The California Department of State Hospitals – Coalinga reported a data breach involving unauthorized disclosure of patient information to the United States District Court.
Date Detected: 2021-09-03
Date Publicly Disclosed: 2021-09-03
Type: Data Breach
Attack Vector: Unauthorized Disclosure
Title: California Department of Child Support Services Data Breach
Description: The California Department of Child Support Services reported a data breach that occurred on January 14, 2025, involving the inadvertent emailing of personal information to a personal email account. The breach affected individuals' first names, last names, dates of birth, addresses, driver’s license numbers, and social security numbers.
Date Detected: 2025-01-14
Type: Data Breach
Attack Vector: Inadvertent Email
Title: California Department of State Hospitals Data Breach
Description: The California Department of State Hospitals reported a data breach on April 5, 2021, involving improper access to personal information of approximately 1,735 employees and former employees, as well as 1,217 job applicants. The breach was discovered during an investigation initiated on February 25, 2021, with no evidence of misuse of the compromised information.
Date Detected: 2021-02-25
Date Publicly Disclosed: 2021-04-05
Type: Data Breach
Title: California Department of Public Health WIC Program Data Breach
Description: The California Department of Public Health reported a data breach involving the Women, Infants, and Children (WIC) Program on September 26, 2013. The breach occurred on August 20, 2013, when a Madera County WIC employee mistakenly disclosed personal and medical information, including names and expected delivery dates, to another participant. The number of individuals affected is unknown.
Date Detected: 2013-08-20
Date Publicly Disclosed: 2013-09-26
Type: Data Breach
Attack Vector: Human Error
Vulnerability Exploited: Mistaken Disclosure
Threat Actor: Internal Employee
Motivation: Accidental
Title: California Department of Rehabilitation Data Breach (2019)
Description: The California Office of the Attorney General reported that the Department of Rehabilitation experienced a data breach involving a spreadsheet that included employee names and Social Security numbers. Approximately 12 individuals were affected, and the Department offered credit monitoring services to those impacted.
Date Detected: 2019-01-09
Date Publicly Disclosed: 2019-01-25
Type: Data Breach
Title: California Department of Social Services IHSS Data Breach (2012)
Description: The California Department of Social Services reported a security incident involving personal information relating to the In Home Supportive Services program (IHSS). The breach occurred during transit when a package containing personal information was damaged, with some contents determined missing. The number of individuals affected and specific types of information compromised are unknown.
Date Detected: 2012-05-11
Date Publicly Disclosed: 2012-05-11
Type: Data Breach (Physical Loss/Theft)
Attack Vector: Physical Theft/Loss During Transit
Title: California Department of Justice CCW Permit Data Breach
Description: The California Department of Justice reported a data breach involving the unauthorized release of personal information primarily related to individuals with concealed carry weapons (CCW) permits. Exposed data included names, dates of birth, addresses, and CCW license numbers, affecting approximately 100 individuals.
Date Detected: 2022-06-27
Date Publicly Disclosed: 2022-06-27
Type: Data Breach
Title: California Department of State Hospitals Data Breach (2021)
Description: The California Department of State Hospitals reported a data breach involving improper access to patient and employee data. The breach affected approximately 1,415 patients and 617 employees, potentially exposing COVID-19 test results and health information but no Social Security numbers or financial information. The breach occurred over multiple dates between November 6, 2020, and February 5, 2021, and was identified on February 25, 2021.
Date Detected: 2021-02-25
Date Publicly Disclosed: 2021-03-17
Type: Data Breach (Unauthorized Access)
Common Attack Types: The most common types of attacks the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Data Compromised: Names, Dates of birth, Addresses, Covid-19-related health information
Data Compromised: 246,000 files and 114,000 folders totaling 75.3GB
Data Compromised: Social security numbers
Data Compromised: Names, Social security numbers
Data Compromised: Names, Mailing addresses, Dates of birth, Social security numbers
Data Compromised: Names, Dates of birth, Physical descriptions, Driver license numbers
Data Compromised: Names, Client index numbers, Dates of birth, Genders
Data Compromised: Names, Addresses, Social security numbers, Health insurance details
Data Compromised: Individuals' names, Irs tax intercept amounts, Irs collection sources
Data Compromised: Names, Social security numbers, Health insurance information
Data Compromised: Names, Financial account information
Data Compromised: Names, Addresses, County case numbers, Dates of birth, Last four digits of ssns
Data Compromised: Names, Social security numbers
Data Compromised: Children's names, Addresses, Dates of birth, Card numbers, Ebt account numbers
Systems Affected: ebtEDGE Web Admin platform
Data Compromised: Patient names, Covid-19 test results, Health information, Personal information of employees and job applicants
Data Compromised: Social security numbers, Other personal information
Identity Theft Risk: High
Data Compromised: Social security numbers
Data Compromised: Names, Addresses, Social security numbers, Medical information
Data Compromised: Names, Social security numbers (ssn)
Data Compromised: Name, Date of birth, Age, Medications, Room number, Medical record number
Data Compromised: Full social security numbers, Names
Data Compromised: Names, Case numbers, Birth dates, Legal commitments, Admission dates, Unit numbers, Genders
Data Compromised: First names, Last names, Dates of birth, Addresses, Driver’s license numbers, Social security numbers
Data Compromised: Personal information
Data Compromised: Personal information, Medical information
Data Compromised: Employee names, Social security numbers
Identity Theft Risk: High (SSNs exposed)
Brand Reputation Impact: Potential (unknown scale)
Identity Theft Risk: Potential (unknown scale)
Data Compromised: Names, Dates of birth, Addresses, Ccw license numbers
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive permit holder data
Identity Theft Risk: High (due to exposure of PII including names, DOBs, and addresses)
Data Compromised: Covid-19 test results, Health information
Identity Theft Risk: Low (no SSNs or financial data exposed)
Payment Information Risk: None
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Dates Of Birth, Addresses, Covid-19-Related Health Information, , Social Security numbers, Personal Information, , Names, Mailing Addresses, Dates Of Birth, Social Security Numbers, , Names, Dates Of Birth, Physical Descriptions, Driver License Numbers, , Names, Client Index Numbers, Dates Of Birth, Genders, , Personal Information, , Individuals' Names, Irs Tax Intercept Amounts, Irs Collection Sources, , Personal Information, Health Information, , Names, Financial Account Information, , Names, Addresses, County Case Numbers, Dates Of Birth, Last Four Digits Of Ssns, , Names, Social Security Numbers, , Personal Information, , Patient Names, Covid-19 Test Results, Health Information, Personal Information Of Employees And Job Applicants, , Social Security Numbers, Other Personal Information, , Social Security numbers, Names, Addresses, Social Security Numbers, Medical Information, , Names, Social Security Numbers (Ssn), , Personal Information, Medical Information, , Full Social Security Numbers, Names, , Names, Case Numbers, Birth Dates, Legal Commitments, Admission Dates, Unit Numbers, Genders, , First Names, Last Names, Dates Of Birth, Addresses, Driver’S License Numbers, Social Security Numbers, , Personal Information, , Personal Information, Medical Information, , Personally Identifiable Information (Pii), , Personal Information (specific types unknown), Personally Identifiable Information (Pii), License/Permit Data, , Covid-19 Test Results, Health Information and .
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: Citizens of California
Entity Name: Finance Department for the state of California
Entity Type: Government
Industry: Public Administration
Location: California
Entity Name: California Department of Motor Vehicles
Entity Type: Government Agency
Industry: Government
Location: California, USA
Customers Affected: 3200
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Customers Affected: Unspecified number of individuals
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Sector
Location: California, USA
Entity Name: Riverside Probation Department
Entity Type: Government Agency
Industry: Law Enforcement
Location: Riverside, California
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: Unknown
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Entity Name: California Department of Justice
Entity Type: Government Agency
Industry: Law Enforcement
Location: California, USA
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 1500
Entity Name: California Department of Rehabilitation
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Social Services
Location: California
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California
Customers Affected: 1,415 patients, 1,735 employees and job applicants
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California, USA
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: 6000
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 1
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: Department of State Hospitals
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: 1000
Entity Name: California Department of State Hospitals – Coalinga
Entity Type: Government
Industry: Healthcare
Location: Coalinga, California
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California, USA
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Entity Name: California Department of Rehabilitation
Entity Type: Government Agency
Industry: Public Administration / Social Services
Location: California, USA
Customers Affected: 12 (employees)
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration / Social Services
Location: California, USA
Customers Affected: Unknown (In Home Supportive Services program participants)
Entity Name: California Department of Justice
Entity Type: Government Agency
Industry: Law Enforcement / Public Safety
Location: California, USA
Customers Affected: 100
Entity Name: California Department of State Hospitals
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 2032
Recovery Measures: Dedicated call center set up to help affected individuals
Containment Measures: Steps were taken right away to fix the access issue
Remediation Measures: Corrective actions implemented
Remediation Measures: Issuing new Beneficiary Identification Cards
Communication Strategy: Informing affected parties
Third Party Assistance: International Business Machines (Ibm), Iron Mountain Inc..
Communication Strategy: Notification letter with recommendations for identity theft protection
Recovery Measures: Credit monitoring services offered to affected individuals
Communication Strategy: Public disclosure on 2012-05-11
Communication Strategy: Public disclosure on March 17, 2021
Third-Party Assistance: The company involves third-party assistance in incident response through International Business Machines (IBM), Iron Mountain Inc., .
Type of Data Compromised: Names, Dates of birth, Addresses, Covid-19-related health information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Number of Records Exposed: 246,000 files and 114,000 folders
Data Exfiltration: Yes
Type of Data Compromised: Social Security numbers
Number of Records Exposed: 3200
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Type of Data Compromised: Personal information
Number of Records Exposed: Unspecified
Sensitivity of Data: High
Personally Identifiable Information: NamesSocial Security numbers
Type of Data Compromised: Names, Mailing addresses, Dates of birth, Social security numbers
Sensitivity of Data: High
Type of Data Compromised: Names, Dates of birth, Physical descriptions, Driver license numbers
Sensitivity of Data: High
Type of Data Compromised: Names, Client index numbers, Dates of birth, Genders
Number of Records Exposed: Unknown
Personally Identifiable Information: namesClient Index Numbersdates of birthgenders
Type of Data Compromised: Personal information
Sensitivity of Data: High
Personally Identifiable Information: namesaddressesSocial Security numbershealth insurance details
Type of Data Compromised: Individuals' names, Irs tax intercept amounts, Irs collection sources
Sensitivity of Data: High
Type of Data Compromised: Personal information, Health information
Sensitivity of Data: High
Type of Data Compromised: Names, Financial account information
Type of Data Compromised: Names, Addresses, County case numbers, Dates of birth, Last four digits of ssns
Number of Records Exposed: 1500
Sensitivity of Data: High
Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Type of Data Compromised: Personal information
Sensitivity of Data: High
Personally Identifiable Information: children's namesaddressesdates of birthcard numbersEBT account numbers
Type of Data Compromised: Patient names, Covid-19 test results, Health information, Personal information of employees and job applicants
Number of Records Exposed: 1,415 patient records, 1,735 employee and job applicant records
Type of Data Compromised: Social security numbers, Other personal information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Type of Data Compromised: Social Security numbers
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Type of Data Compromised: Names, Addresses, Social security numbers, Medical information
Number of Records Exposed: 2000
Sensitivity of Data: High
File Types Exposed: Microfiche
Type of Data Compromised: Names, Social security numbers (ssn)
Sensitivity of Data: High
Type of Data Compromised: Personal information, Medical information
Number of Records Exposed: 1
Sensitivity of Data: High
Personally Identifiable Information: namedate of birthagemedicationsroom numbermedical record number
Type of Data Compromised: Full social security numbers, Names
Number of Records Exposed: 1000
Sensitivity of Data: High
Personally Identifiable Information: Full Social Security NumbersNames
Type of Data Compromised: Names, Case numbers, Birth dates, Legal commitments, Admission dates, Unit numbers, Genders
Sensitivity of Data: Medium
Type of Data Compromised: First names, Last names, Dates of birth, Addresses, Driver’s license numbers, Social security numbers
Sensitivity of Data: High
Type of Data Compromised: Personal information
Number of Records Exposed: 2952
Type of Data Compromised: Personal information, Medical information
Sensitivity of Data: High
Personally Identifiable Information: NamesExpected Delivery Dates
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: 12
Sensitivity of Data: High (includes SSNs)
File Types Exposed: Spreadsheet
Personally Identifiable Information: NamesSocial Security numbers
Type of Data Compromised: Personal Information (specific types unknown)
Number of Records Exposed: Unknown
Sensitivity of Data: High (personal information)
Type of Data Compromised: Personally identifiable information (pii), License/permit data
Number of Records Exposed: 100
Sensitivity of Data: High (includes names, DOBs, addresses, and CCW license numbers)
Data Exfiltration: Yes (unauthorized release)
Personally Identifiable Information: Full NamesDates of BirthPhysical AddressesCCW License Numbers
Type of Data Compromised: Covid-19 test results, Health information
Number of Records Exposed: 2032
Sensitivity of Data: Moderate (health data, no SSNs/financial info)
Personally Identifiable Information: Partial (health data, no SSNs)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Corrective actions implemented, , Issuing new Beneficiary Identification Cards, .
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by steps were taken right away to fix the access issue and .
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Dedicated call center set up to help affected individuals, Credit monitoring services offered to affected individuals.
Regulatory Notifications: Reported to the California Office of the Attorney General
Recommendations: Identity theft protection measures
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Identity theft protection measures.
Source: California Department of Social Services
Date Accessed: 2023-02-16
Source: California Department of Social Services
Date Accessed: 2014-07-17
Source: California Office of the Attorney General
Date Accessed: 2022-09-13
Source: California Department of Public Health
Date Accessed: 2018-05-23
Source: California Department of Justice
Date Accessed: 2012-05-11
Source: California Department of Health Care Services
Source: California Office of the Attorney General
Date Accessed: 2017-12-07
Source: California Department of State Hospitals
Source: Notification letter
Source: California Department of Child Support Services
Source: California Office of the Attorney General
Date Accessed: 2024-02-28
Source: California Department of State Hospitals – Coalinga
Date Accessed: 2021-09-03
Source: California Department of State Hospitals
Source: California Department of Public Health
Source: California Office of the Attorney General
Date Accessed: 2019-01-25
Source: California Department of Social Services Public Statement
Date Accessed: 2012-05-11
Source: California Department of Justice Public Disclosure
Date Accessed: 2022-06-27
Source: California Department of State Hospitals Breach Notice
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Department of Social ServicesDate Accessed: 2023-02-16, and Source: California Department of Social ServicesDate Accessed: 2014-07-17, and Source: CA DMV Data Breach ReportDate Accessed: 2015-11-06, and Source: California Office of the Attorney GeneralDate Accessed: 2022-09-13, and Source: California Department of Public HealthDate Accessed: 2018-05-23, and Source: California Department of JusticeDate Accessed: 2012-05-11, and Source: California Department of Health Care Services, and Source: California Office of the Attorney GeneralDate Accessed: 2017-12-07, and Source: California Department of State Hospitals, and Source: Notification letter, and Source: California Department of Child Support Services, and Source: California Office of the Attorney GeneralDate Accessed: 2024-02-28, and Source: California Department of State Hospitals – CoalingaDate Accessed: 2021-09-03, and Source: California Department of State Hospitals, and Source: California Department of Public Health, and Source: California Office of the Attorney GeneralDate Accessed: 2019-01-25, and Source: California Department of Social Services Public StatementDate Accessed: 2012-05-11, and Source: California Department of Justice Public DisclosureDate Accessed: 2022-06-27, and Source: California Department of State Hospitals Breach Notice.
Investigation Status: Unknown (no follow-up details provided)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informing Affected Parties, Notification letter with recommendations for identity theft protection, Public disclosure on 2012-05-11, Public disclosure on March 17 and 2021.
Customer Advisories: Credit monitoring services offered to affected employees
Customer Advisories: Public notification issued to IHSS program participants (assumed)
Customer Advisories: Affected individuals were likely notified as part of regulatory requirements (e.g., HIPAA).
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Credit monitoring services offered to affected employees, Public notification issued to IHSS program participants (assumed), Affected individuals were likely notified as part of regulatory requirements (e.g. and HIPAA)..
Entry Point: Email
High Value Targets: Patient Health Data, Employee Health Data,
Data Sold on Dark Web: Patient Health Data, Employee Health Data,
Root Causes: Misconfiguration by a third-party contractor
Root Causes: Human Error
Corrective Actions: Corrective actions implemented
Root Causes: Computer Programming Error
Corrective Actions: Issuing New Beneficiary Identification Cards,
Root Causes: Human Error
Root Causes: Human Error
Root Causes: Physical security failure during transit of sensitive documents
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as International Business Machines (Ibm), Iron Mountain Inc., .
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Corrective actions implemented, Issuing New Beneficiary Identification Cards, .
Last Attacking Group: The attacking group in the last incident were an Lockbit, Internal Employee, Internal Employee, Anonymous and Internal Employee.
Most Recent Incident Detected: The most recent incident detected was on 2023-02-16.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-03-17.
Most Recent Incident Resolved: The most recent incident resolved was on 2013-01-01.
Most Significant Data Compromised: The most significant data compromised in an incident were names, dates of birth, addresses, Covid-19-related health information, , 246,000 files and 114,000 folders totaling 75.3GB, Social Security numbers, , Names, Social Security numbers, , names, mailing addresses, dates of birth, Social Security numbers, , Names, Dates of Birth, Physical Descriptions, Driver License Numbers, , names, Client Index Numbers, dates of birth, genders, , names, addresses, Social Security numbers, health insurance details, , Individuals' names, IRS Tax Intercept amounts, IRS collection sources, , names, Social Security numbers, health insurance information, , Names, Financial Account Information, , names, addresses, county case numbers, dates of birth, last four digits of SSNs, , Names, Social Security Numbers, , children's names, addresses, dates of birth, card numbers, EBT account numbers, , patient names, COVID-19 test results, health information, personal information of employees and job applicants, , Social Security Numbers, Other personal information, , Social Security numbers, , names, addresses, Social Security numbers, medical information, , Names, Social Security numbers (SSN), , name, date of birth, age, medications, room number, medical record number, , Full Social Security Numbers, Names, , names, case numbers, birth dates, legal commitments, admission dates, unit numbers, genders, , First Names, Last Names, Dates of Birth, Addresses, Driver’s License Numbers, Social Security Numbers, , Personal Information, , Personal Information, Medical Information, , Employee names, Social Security numbers, , , names, dates of birth, addresses, CCW license numbers, , COVID-19 test results, health information and .
Most Significant System Affected: The most significant system affected in an incident was ebtEDGE Web Admin platform.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was international business machines (ibm), iron mountain inc., .
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Steps were taken right away to fix the access issue.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Individuals' names, 246,000 files and 114,000 folders totaling 75.3GB, health insurance information, COVID-19 test results, IRS collection sources, last four digits of SSNs, county case numbers, Client Index Numbers, Names, Addresses, Physical Descriptions, Medical Information, admission dates, mailing addresses, addresses, children's names, Driver’s License Numbers, Financial Account Information, Driver License Numbers, card numbers, Other personal information, Last Names, medications, Dates of Birth, health information, medical record number, First Names, Covid-19-related health information, case numbers, unit numbers, Social Security numbers (SSN), name, CCW license numbers, personal information of employees and job applicants, Full Social Security Numbers, patient names, room number, dates of birth, Personal Information, Social Security Numbers, EBT account numbers, names, medical information, IRS Tax Intercept amounts, birth dates, genders, date of birth, health insurance details, age, legal commitments and Employee names.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 364.5K.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Identity theft protection measures.
Most Recent Source: The most recent source of information about an incident are California Department of Social Services Public Statement, Notification letter, California Department of State Hospitals Breach Notice, California Department of Public Health, California Office of the Attorney General, California Department of State Hospitals – Coalinga, California Department of Justice Public Disclosure, California Department of Health Care Services, California Department of State Hospitals, California Department of Justice, CA DMV Data Breach Report, California Department of Social Services and California Department of Child Support Services.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Unknown (no follow-up details provided).
Most Recent Customer Advisory: The most recent customer advisory issued were an Credit monitoring services offered to affected employees, Public notification issued to IHSS program participants (assumed), Affected individuals were likely notified as part of regulatory requirements (e.g. and HIPAA).
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Misconfiguration by a third-party contractor, Human Error, Computer Programming Error, Human Error, Human Error, Physical security failure during transit of sensitive documents.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Corrective actions implemented, Issuing new Beneficiary Identification Cards.
.png)
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid