SC
Company Details
Linkedin ID:
state-of-california
Website:
Employees number:
44,043
Number of followers:
140,130
NAICS:
92
Industry Type:
Homepage:
ca.gov
IP Addresses:
0
Company ID:
STA_3128250
Scan Status:
In-progress
State of California Company CyberSecurity Posture
ca.gov
Californians deserve a government that works for them and with them. One that will work to ensure opportunity and justice. We are building a California not for the few, but for all — including those who have historically been left out. We are doing the work to make our state a place for every Californian and all the diversity that makes us strong. Our state will be known as a place where everyone is respected, protected, and connected.
State of California A.I CyberSecurity Scoring
SC Risk Score (AI oriented)Between 750 and 799
SC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SC Global Score (TPRM)XXXX
SC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SC Company CyberSecurity News & History
Past Incidents
30
Attack Types
3
Department of Motor Vehicles
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Department of Motor Vehicles (CA DMV) reported a data breach on November 6, 2015, involving an erroneous disclosure of personal information on September 28, 2015. The breach affected the Riverside Probation Department and involved the accidental transmission of names, dates of birth, physical descriptions, and driver license numbers, but did not include Social Security Numbers.
California Department of Motor Vehicles
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Seven government agencies now have access to some drivers' Social Security numbers thanks to a data breach at the California Department of Motor Vehicles. According to the organisation, the breach had an impact on 3,200 people for at least the previous four years. The DMV says that it was not hacked and that no private persons or organisations received the information. According to the DMV, steps were taken right away to fix the access issue and make sure that no further private information was leaked.
Department of State Hospitals
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On May 11, 2021, the California Department of State Hospitals reported a data breach involving improper access to personal information. The breach, discovered on April 13, 2021, affected 1,415 patient names, COVID-19 test results, and health information, as well as the personal information of approximately 1,735 employees and job applicants. Details about the specific method of breach are not provided.
Department of State Hospitals
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of State Hospitals reported a data breach on April 5, 2021, involving improper access to personal information of approximately 1,735 employees and former employees, as well as 1,217 job applicants. The breach was discovered during an investigation initiated on February 25, 2021, with no evidence of misuse of the compromised information.
Department of State Hospitals
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of State Hospitals reported a data breach on May 24, 2013, involving the unauthorized disclosure of Social Security Numbers and other personal information of employees due to a security incident on May 8, 2013. The information was available on the intranet for approximately 6 hours, affecting an unknown number of individuals. The breach was made public through a notification letter, which provided recommendations for identity theft protection.
Department of State Hospitals – Coalinga
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of State Hospitals – Coalinga reported a data breach on September 3, 2021. The breach involved unauthorized disclosure of patient information to the United States District Court, which occurred on or around August 12, 2021. The specific types of compromised information included names, case numbers, birth dates, legal commitments, admission dates, unit numbers, and genders of patients, but did not include Social Security numbers or financial account numbers.
Department of State Hospitals – Atascadero
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving the Department of State Hospitals (DSH) on February 28, 2024. The breach, discovered on February 15, 2024, involved the unauthorized dissemination of Leave and Activity Balance reports containing confidential information, including full social security numbers and names. Approximately 1,000 individuals were affected by this incident.
Department of State Hospitals
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Department of State Hospitals experienced a data breach in early 2021, where unauthorized access to sensitive information was detected on **February 25, 2021**, though the breach spanned from **November 6, 2020, to February 5, 2021**. The incident compromised the data of **1,415 patients and 617 employees**, exposing **COVID-19 test results and health-related details**. However, no **Social Security numbers or financial information** were accessed. The breach involved improper access to both **patient and employee records**, raising concerns over privacy violations and potential misuse of medical data. While the exact method of unauthorized access was not disclosed, the exposure of health information—even without financial identifiers—poses risks of identity profiling, targeted phishing, or reputational harm to the affected individuals and the institution. The department took steps to investigate and mitigate the breach, though the long-term consequences for those impacted remain uncertain.
Department of Child Support Services
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Department of Child Support Services reported a potential disclosure of personal information on May 6, 2014. The breach occurred on April 7, 2014, when letters from the Solano County Department of Child Support Services were misplaced during transport. The exact number of individuals affected is unknown, and the types of information compromised are not specified.
California Department of Child Support Services
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of Child Support Services reported a data breach on January 14, 2025, involving the inadvertent emailing of personal information to a personal email account. The breach affected individuals' first names, last names, dates of birth, addresses, driver’s license numbers, and social security numbers. This incident highlights the vulnerability of sensitive personal data and the potential consequences of such breaches on individuals' privacy and security.
California Department of Child Support Services
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving the California Department of Child Support Services (DCSS) on September 13, 2022. The breach occurred on or around March 8, 2022, when an employee sent an email to their personal account containing personal information, including individuals' names, IRS Tax Intercept amounts, and IRS collection sources. The total number of affected individuals is currently unknown.
California Department of Child Support Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On March 29, 2012, the California Department of Child Support Services reported a data breach involving missing storage devices that potentially contained personal information of parents, caregivers, and children. The breach occurred on March 12, 2012, and involved personal information such as names, addresses, Social Security numbers, and health insurance details. The agency is working with International Business Machines (IBM) and Iron Mountain Inc. to locate the missing devices.
California Department of Finance
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Finance Department for the state of California was a recent target of Lockbit, the notorious Russian-linked ransomware group. The group allegedly posted on the dark web to threaten them that if the ransom demands aren’t met by December 24, they will leak the stolen data. The hackers also published online the number of directories and files that contained over 246,000 files and over 114,000 folders totalling 75.3GB of data, as displayed in the properties dialogue. However, an initial access broker (IAB) was offering a way past the department’s cyber defences for $30,000 per breached server.
Department of Health Care Services
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Department of Health Care Services (DHCS) reported a data breach involving the erroneous mailing of Beneficiary Identification Cards (BIC) due to a computer programming error. The breach occurred between December 10 and December 18, 2012, potentially affecting an unknown number of individuals, with exposed information including names, Client Index Numbers, dates of birth, and genders. Affected parties were informed on December 21, 2012, and a new card was to be issued by January 1, 2013.
Department of Health Care Services
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Department of Health Care Services (DHCS) reported a privacy incident on December 5, 2012, involving the exposure of Social Security numbers (SSNs) of In-Home Supportive Services (IHSS) providers. The breach occurred on November 5, 2012, when lists of Medi-Cal providers were posted online, inadvertently including an SSN in a non-standard format. The number of affected individuals is unknown.
Department of Health Care Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Department of Health Care Services (DHCS) reported a data breach on March 20, 2023, related to a security incident involving a subcontractor, Advanced Image Direct (AID), that occurred on January 12, 2023. The breach potentially exposed personal information, including names, addresses, county case numbers, dates of birth, and the last four digits of Social Security Numbers (SSNs). Approximately 1,500 individuals are reported to have been affected.
California Department of Justice
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Department of Justice experienced a data breach on **June 27, 2022**, involving the unauthorized disclosure of sensitive personal information. The incident primarily affected approximately **100 individuals** holding **concealed carry weapons (CCW) permits**. The exposed data included **names, dates of birth, residential addresses, and CCW license numbers**—information that, if misused, could pose significant privacy and security risks to the affected individuals. The breach raises concerns about potential **identity theft, targeted harassment, or physical safety threats** for permit holders, given the sensitive nature of the leaked data. While the exact cause of the breach (e.g., insider threat, system vulnerability, or external cyberattack) was not specified in the report, the exposure of such regulated information underscores critical lapses in data protection protocols within a **government law enforcement agency**. The incident highlights the broader implications of **mishandling firearm-related records**, which are subject to strict confidentiality laws in many jurisdictions. The breach not only erodes public trust in the agency’s ability to safeguard sensitive data but also may lead to **legal repercussions, reputational damage, and heightened scrutiny** over its cybersecurity practices.
California Department of Justice
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The California Department of Justice reported on May 11, 2012, that hackers affiliated with Anonymous accessed private email accounts of a retired agent from the Computer and Technology Crime High-Tech Response Team (CATCH) in November 2011. The breach potentially exposed personal information, including names and financial account information, although the exact number of individuals affected and specific details regarding the breach are unknown.
California Department of Public Health
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Department of Public Health reported a data breach on May 8, 2012, involving the theft of a survey binder containing personal and medical information after it was left in an unattended vehicle. Approximately 1 individual was affected, and the compromised information included name, date of birth, age, medications, room number, and medical record number.
California Department of Public Health
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of Public Health (CDPH) reported a data breach on May 8, 2013, involving a roll of microfiche containing approximately 2,000 birth records from 1974 found at an unsecure non-State location. The affected records include names, addresses, Social Security numbers, and some medical information, potentially impacting around 6,000 individuals born in specific months and counties in California.
California Department of Public Health
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of Public Health reported a data breach involving the Women, Infants, and Children (WIC) Program on September 26, 2013. The breach occurred on August 20, 2013, when a Madera County WIC employee mistakenly disclosed personal and medical information, including names and expected delivery dates, to another participant. The number of individuals affected is unknown.
California Department of Public Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The sensitive medical information of citizens of California was exposed by a misconfigured database managed by the California Department of Public Health. The misconfiguration resulted from an error made by a third-party contractor and led to the breach of names, dates of birth, addresses, and Covid-19-related health information of the citizens. The department set up a dedicated call center to help out the people of California affected by the breach.
California Department of Public Health
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: On May 23, 2018, the California Department of Public Health (CDPH) reported a data breach that occurred on March 12, 2018, involving the theft of documents and a laptop from a contractor's vehicle. This incident potentially exposed personal and health information such as names, Social Security numbers, and health insurance information. The breach highlights the vulnerability of sensitive data when handled by third-party contractors and the importance of robust security measures to protect personal information.
Department of Rehabilitation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On January 9, 2019, the California Department of Rehabilitation suffered a data breach involving an exposed spreadsheet containing sensitive employee information. The compromised data included employee names and Social Security numbers, affecting approximately 12 individuals. The breach was reported to the California Office of the Attorney General on January 25, 2019. In response, the Department took corrective action by offering credit monitoring services to the impacted employees to mitigate potential risks such as identity theft or financial fraud. The incident highlighted vulnerabilities in the handling of personally identifiable information (PII) within the organization, raising concerns about internal data protection protocols and the safeguarding of employee records against unauthorized access or disclosure.
Department of Rehabilitation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving the Department of Rehabilitation on December 7, 2017. The breach occurred on November 22, 2017, when a file containing personal information, specifically names and social security numbers, was inadvertently emailed without encryption to an outside entity. The number of individuals affected is currently unknown.
California Department of Social Services
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Department of Social Services (CDSS) reported a data breach involving the unauthorized release of personal information on July 17, 2014. The breach, which occurred on July 16, 2014, involved accidentally discarded confidential documents that may have contained names, mailing addresses, dates of birth, and Social Security numbers. The number of individuals affected is currently unknown.
California Department of Social Services
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Department of Social Services reported a data breach on February 16, 2023, involving an incident that occurred on January 6, 2023. An employee emailed a document containing personal information, including names and Social Security numbers, to a personal account. The breach potentially affected an unspecified number of individuals. Corrective actions have been implemented to minimize future risks.
California Department of Social Services
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On August 19, 2022, the California Department of Social Services (CDSS) reported a data breach that occurred on August 11, 2022. An email containing personal information, including names and Social Security numbers (SSN), was sent to unauthorized individuals. The total number of individuals affected is currently unknown.
California Department of Social Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Department of Social Services (CDSS) reported a data breach involving the Sun Bucks Program on October 3, 2024. The breach, which involved unauthorized access to case information in the ebtEDGE Web Admin platform, was discovered on July 19, 2024, and affected personal information including children's names, addresses, dates of birth, card numbers, and EBT account numbers. The number of individuals affected is not specified.
California Department of Social Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On **May 1, 2012**, the **California Department of Social Services (CDSS)** experienced a **security breach** involving the **In Home Supportive Services (IHSS) program**. The incident occurred during the transit of a package containing **personal information**, which was found **damaged** upon arrival, with some contents confirmed as **missing**. The exact number of affected individuals and the specific types of compromised data (e.g., names, Social Security numbers, medical records, or financial details) remain **undisclosed**.The breach highlights a **physical security failure** in safeguarding sensitive data during transportation, exposing participants of the IHSS program—who often include vulnerable populations such as elderly or disabled individuals—to potential risks like **identity theft, fraud, or unauthorized access to personal details**. While no evidence of malicious exploitation was reported, the **unknown scope of the leak** and the **sensitive nature of the program’s data** raise concerns about long-term repercussions for those impacted. The incident underscores the need for stricter **data handling protocols**, especially for government agencies managing high-risk personal information.
SC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SC
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for State of California in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for State of California in 2025.
Incident Types SC vs Government Administration Industry Avg (This Year)
No incidents recorded for State of California in 2025.
Incident History — SC (X = Date, Y = Severity)
SC cyber incidents detection timeline including parent company and subsidiaries
SC Company Subsidiaries
Californians deserve a government that works for them and with them. One that will work to ensure opportunity and justice. We are building a California not for the few, but for all — including those who have historically been left out. We are doing the work to make our state a place for every Californian and all the diversity that makes us strong. Our state will be known as a place where everyone is respected, protected, and connected.
Loading...
SC Similar Companies
Vlaamse overheid
Bij de Vlaamse overheid geef je elke dag opnieuw het beste van jezelf, in een job die een verschil maakt in de maatschappij. Pas afgestudeerd of al een aantal jaren professionele ervaring achter de rug? Op zoek naar een job als arbeider, bediende, leidinggevende, administratief medewerker, ingenie
State of Minnesota
Minnesota State Government is the third largest employer in the state of Minnesota, employing over 50,000 diverse and talented employees in more than 100 state agencies, boards, commissions, colleges, and universities. Our workplaces can be found across the state in 86 out of 87 Minnesota counties a
The Singapore Public Service
The Singapore Public Service works with the elected Government and Singaporeans to forge a common vision of Singapore’s future and bring it into reality. We take pride in living out our values of integrity, service and excellence. Follow us for stories on how our public officers are contributing
Government of Alberta
Work with the Alberta government to build a stronger province for current and future generations. We offer diverse and rewarding employment opportunities in an environment that encourages continuous learning and career growth. We are one of the largest employers in Alberta with over 27,000 empl
U.S. Census Bureau
The Census Bureau serves as the nation’s leading provider of quality data about its people and economy. We have been headquartered in Suitland, Maryland since 1942, and currently employ about 4,285 staff members. We are part of the U.S. Department of Commerce and overseen by the Economics and Statis
Department for Education
Help us achieve world-class education, training and care for everyone, whatever their background. Whether you're just starting out, or an experienced professional, we have what you are looking for. Jobs include administration, policy advisers, digital, finance, commercial specialists and many more
City of Philadelphia
With a workforce of 30,000 people, and opportunities in 1,000 different job categories, the City of Philadelphia is one of the largest employers in Southeastern Pennsylvania. As an employer, we operate through the guiding principles of service, integrity, respect, accountability, collaboration, dive
France Travail
France Travail est un acteur majeur du marché de l’emploi en France où il s’investit pour faciliter le retour à l’emploi des demandeurs d’emploi et offrir aux entreprises des réponses adaptées à leurs besoins de recrutement. Les 55 000 collaborateurs de France Travail œuvrent au quotidien pour êtr
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
.png)
SC CyberSecurity News
October 29, 2025 07:00 AM
Celebrating our Staff – I am Cal OES Vanessa Faur, Cyber Threat Analyst at the California Cybersecurity Integration Center | Cal OES News
Meet Vanessa Faur, Cyber Threat Analyst with Cal OES's California Cybersecurity Integration Center (Cal CSIC), who actively works to reduce...
October 24, 2025 07:00 AM
Why California Is a Smart Choice for Cybersecurity Education
Cybercrime is no longer a shadowy sideshow. It's a full-blown siege. Banks, hospitals, power grids, small businesses.
October 23, 2025 07:00 AM
University of California faculty push back against Big Brother cybersecurity mandate
Faculty and administrators at the University of California (UC) have settled into a bitter stalemate in a dispute over privacy and academic...
October 20, 2025 07:00 AM
California Finalizes Groundbreaking Regulations on AI, Risk Assessments, and Cybersecurity, Part III: Risk Assessments
On September 23, 2025, the California Office of Administrative Law (OAL) approved regulations under the California Consumer Privacy Act...
October 15, 2025 07:00 AM
‘Be Intentional’ About What You Protect, Cyber Expert Says
Public- and private-sector security leaders examined trends in cyber threats at the recent California Cybersecurity Education Summit.
October 14, 2025 07:00 AM
Bómbita Out at California Cybersecurity Integration Center
Edward Bómbita, commander with the California Cybersecurity Integration Center, was relieved of duty in late September.
October 12, 2025 07:00 AM
Fired California cybersecurity chief speaks out on sudden termination, security concerns
The fired chief of California's cybersecurity agency is speaking out about his termination and sounding the alarm over state-wide security...
October 12, 2025 07:00 AM
Fired chief of California's cybersecurity agency speaks about his sudden termination
The fired chief of California's cybersecurity agency is speaking out about his termination and sounding the alarm over state-wide security...
October 09, 2025 07:00 AM
After getting fired, California’s top cybersecurity official calls for change
The governor fired the top California cybersecurity official. He says the people who oversaw him were unqualified.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SC CyberSecurity History Information
Official Website of State of California
The official website of State of California is http://www.ca.gov.
State of California’s AI-Generated Cybersecurity Score
According to Rankiteo, State of California’s AI-generated cybersecurity score is 792, reflecting their Fair security posture.
How many security badges does State of California’ have ?
According to Rankiteo, State of California currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does State of California have SOC 2 Type 1 certification ?
According to Rankiteo, State of California is not certified under SOC 2 Type 1.
Does State of California have SOC 2 Type 2 certification ?
According to Rankiteo, State of California does not hold a SOC 2 Type 2 certification.
Does State of California comply with GDPR ?
According to Rankiteo, State of California is not listed as GDPR compliant.
Does State of California have PCI DSS certification ?
According to Rankiteo, State of California does not currently maintain PCI DSS compliance.
Does State of California comply with HIPAA ?
According to Rankiteo, State of California is not compliant with HIPAA regulations.
Does State of California have ISO 27001 certification ?
According to Rankiteo,State of California is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of State of California
State of California operates primarily in the Government Administration industry.
Number of Employees at State of California
State of California employs approximately 44,043 people worldwide.
Subsidiaries Owned by State of California
State of California presently has no subsidiaries across any sectors.
State of California’s LinkedIn Followers
State of California’s official LinkedIn profile has approximately 140,130 followers.
NAICS Classification of State of California
State of California is classified under the NAICS code 92, which corresponds to Public Administration.
State of California’s Presence on Crunchbase
No, State of California does not have a profile on Crunchbase.
State of California’s Presence on LinkedIn
Yes, State of California maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/state-of-california.
Cybersecurity Incidents Involving State of California
As of December 16, 2025, Rankiteo reports that State of California has experienced 30 cybersecurity incidents.
Number of Peer and Competitor Companies
State of California has an estimated 11,664 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at State of California ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Ransomware and Data Leak.
How does State of California detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an recovery measures with dedicated call center set up to help affected individuals, and containment measures with steps were taken right away to fix the access issue, and remediation measures with corrective actions implemented, and remediation measures with issuing new beneficiary identification cards, and communication strategy with informing affected parties, and third party assistance with international business machines (ibm), third party assistance with iron mountain inc., and communication strategy with notification letter with recommendations for identity theft protection, and recovery measures with credit monitoring services offered to affected individuals, and communication strategy with public disclosure on 2012-05-11, and communication strategy with public disclosure on march 17, 2021..
Incident Details
Can you provide details on each incident ?
Title: California Department of Public Health Data Breach
Description: The sensitive medical information of citizens of California was exposed by a misconfigured database managed by the California Department of Public Health. The misconfiguration resulted from an error made by a third-party contractor and led to the breach of names, dates of birth, addresses, and Covid-19-related health information of the citizens. The department set up a dedicated call center to help out the people of California affected by the breach.
Type: Data Breach
Attack Vector: Misconfigured Database
Vulnerability Exploited: Error by a third-party contractor
Title: Ransomware Attack on California Finance Department
Description: The Finance Department for the state of California was targeted by Lockbit, a Russian-linked ransomware group. The group threatened to leak stolen data if ransom demands weren't met by December 24. The hackers published details of the stolen data, including 246,000 files and 114,000 folders totaling 75.3GB. An initial access broker was offering access to the department's cyber defenses for $30,000 per breached server.
Type: Ransomware
Threat Actor: Lockbit
Motivation: Financial
Title: California DMV Data Breach
Description: Seven government agencies now have access to some drivers' Social Security numbers thanks to a data breach at the California Department of Motor Vehicles.
Type: Data Breach
Title: California Department of Social Services Data Breach
Description: A document containing personal information, including names and Social Security numbers, was emailed to a personal account by an employee.
Date Detected: 2023-02-16
Date Publicly Disclosed: 2023-02-16
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Threat Actor: Internal Employee
Motivation: Accidental
Title: California Department of Social Services Data Breach
Description: The California Department of Social Services (CDSS) reported a data breach involving unauthorized release of personal information on July 17, 2014. The breach, which occurred on July 16, 2014, involved accidentally discarded confidential documents that may have contained names, mailing addresses, dates of birth, and Social Security numbers. The number of individuals affected is currently unknown.
Date Detected: 2014-07-17
Date Publicly Disclosed: 2014-07-17
Type: Data Breach
Attack Vector: Accidental Discard of Confidential Documents
Title: CA DMV Data Breach
Description: The California Department of Motor Vehicles (CA DMV) reported a data breach on November 6, 2015, involving an erroneous disclosure of personal information on September 28, 2015. The breach affected the Riverside Probation Department and involved the accidental transmission of names, dates of birth, physical descriptions, and driver license numbers, but did not include Social Security Numbers.
Date Detected: 2015-11-06
Date Publicly Disclosed: 2015-11-06
Type: Data Breach
Attack Vector: Erroneous Disclosure
Title: California DHCS Data Breach
Description: The California Department of Health Care Services (DHCS) reported a data breach involving the erroneous mailing of Beneficiary Identification Cards (BIC) due to a computer programming error.
Date Detected: 2012-12-21
Date Resolved: 2013-01-01
Type: Data Breach
Attack Vector: Computer Programming Error
Vulnerability Exploited: Computer Programming Error
Title: California Department of Child Support Services Data Breach
Description: The California Department of Child Support Services reported a data breach involving missing storage devices that potentially contained personal information of parents, caregivers, and children.
Date Detected: 2012-03-29
Type: Data Breach
Attack Vector: Physical Theft/Loss
Title: Data Breach at California Department of Child Support Services
Description: An employee sent an email to their personal account containing personal information, including individuals' names, IRS Tax Intercept amounts, and IRS collection sources.
Date Detected: 2022-09-13
Date Publicly Disclosed: 2022-09-13
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Threat Actor: Internal Employee
Title: Data Breach at California Department of Public Health
Description: Theft of documents and a laptop from a contractor's vehicle, potentially exposing personal and health information.
Date Detected: 2018-05-23
Date Publicly Disclosed: 2018-05-23
Type: Data Breach
Attack Vector: Physical Theft
Title: California Department of Justice Email Breach
Description: Hackers affiliated with Anonymous accessed private email accounts of a retired agent from the Computer and Technology Crime High-Tech Response Team (CATCH) in November 2011.
Date Detected: 2011-11-01
Date Publicly Disclosed: 2012-05-11
Type: Data Breach
Attack Vector: Email Compromise
Threat Actor: Anonymous
Title: Data Breach at California Department of Health Care Services
Description: The California Department of Health Care Services (DHCS) reported a data breach on March 20, 2023, related to a security incident involving a subcontractor, Advanced Image Direct (AID), that occurred on January 12, 2023. The breach potentially exposed personal information, including names, addresses, county case numbers, dates of birth, and the last four digits of Social Security Numbers (SSNs). Approximately 1,500 individuals are reported to have been affected.
Date Detected: 2023-01-12
Date Publicly Disclosed: 2023-03-20
Type: Data Breach
Title: Data Breach at California Department of Rehabilitation
Description: The California Office of the Attorney General reported a data breach involving the Department of Rehabilitation on December 7, 2017. The breach occurred on November 22, 2017, when a file containing personal information, specifically names and social security numbers, was inadvertently emailed without encryption to an outside entity. The number of individuals affected is currently unknown.
Date Detected: 2017-11-22
Date Publicly Disclosed: 2017-12-07
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Unencrypted Email
Title: California Department of Social Services Data Breach
Description: The California Department of Social Services (CDSS) reported a data breach involving the Sun Bucks Program on October 3, 2024. The breach, which involved unauthorized access to case information in the ebtEDGE Web Admin platform, was discovered on July 19, 2024, and affected personal information including children's names, addresses, dates of birth, card numbers, and EBT account numbers. The number of individuals affected is not specified.
Date Detected: 2024-07-19
Date Publicly Disclosed: 2024-10-03
Type: Data Breach
Attack Vector: Unauthorized Access
Title: California Department of State Hospitals Data Breach
Description: A data breach involving improper access to personal information was reported by the California Department of State Hospitals.
Date Detected: 2021-04-13
Date Publicly Disclosed: 2021-05-11
Type: Data Breach
Title: California Department of State Hospitals Data Breach
Description: Unauthorized disclosure of Social Security Numbers and other personal information of employees due to a security incident.
Date Detected: 2013-05-08
Date Publicly Disclosed: 2013-05-24
Type: Data Breach
Title: California DHCS Privacy Incident
Description: The California Department of Health Care Services (DHCS) reported a privacy incident on December 5, 2012, involving the exposure of Social Security numbers (SSNs) of In-Home Supportive Services (IHSS) providers. The breach occurred on November 5, 2012, when lists of Medi-Cal providers were posted online, inadvertently including an SSN in a non-standard format. The number of affected individuals is unknown.
Date Detected: 2012-11-05
Date Publicly Disclosed: 2012-12-05
Type: Data Breach
Attack Vector: Inadvertent Exposure
Vulnerability Exploited: Data Handling Error
Title: California Department of Public Health Data Breach
Description: The California Department of Public Health (CDPH) reported a data breach on May 8, 2013, involving a roll of microfiche containing approximately 2,000 birth records from 1974 found at an unsecure non-State location. The affected records include names, addresses, Social Security numbers, and some medical information, potentially impacting around 6,000 individuals born in specific months and counties in California.
Date Detected: 2013-05-08
Date Publicly Disclosed: 2013-05-08
Type: Data Breach
Title: California Department of Social Services Data Breach
Description: An email containing personal information, including names and Social Security numbers (SSN), was sent to unauthorized individuals.
Date Detected: 2022-08-19
Date Publicly Disclosed: 2022-08-19
Type: Data Breach
Attack Vector: Email
Title: California Department of Public Health Data Breach
Description: The California Department of Public Health reported a data breach involving the theft of a survey binder containing personal and medical information after it was left in an unattended vehicle.
Date Detected: 2012-05-08
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Unattended Vehicle
Title: Potential Disclosure of Personal Information by California Department of Child Support Services
Description: The California Department of Child Support Services reported a potential disclosure of personal information on May 6, 2014. The breach occurred on April 7, 2014, when letters from the Solano County Department of Child Support Services were misplaced during transport. The exact number of individuals affected is unknown, and the types of information compromised are not specified.
Date Detected: 2014-05-06
Date Publicly Disclosed: 2014-05-06
Type: Data Breach
Attack Vector: Physical Theft/Loss
Title: Data Breach at Department of State Hospitals
Description: The California Office of the Attorney General reported a data breach involving the Department of State Hospitals (DSH) on February 28, 2024. The breach, discovered on February 15, 2024, involved the unauthorized dissemination of Leave and Activity Balance reports containing confidential information, including full social security numbers and names. Approximately 1,000 individuals were affected by this incident.
Date Detected: 2024-02-15
Date Publicly Disclosed: 2024-02-28
Type: Data Breach
Attack Vector: Unauthorized Dissemination
Title: California Department of State Hospitals – Coalinga Data Breach
Description: The California Department of State Hospitals – Coalinga reported a data breach involving unauthorized disclosure of patient information to the United States District Court.
Date Detected: 2021-09-03
Date Publicly Disclosed: 2021-09-03
Type: Data Breach
Attack Vector: Unauthorized Disclosure
Title: California Department of Child Support Services Data Breach
Description: The California Department of Child Support Services reported a data breach that occurred on January 14, 2025, involving the inadvertent emailing of personal information to a personal email account. The breach affected individuals' first names, last names, dates of birth, addresses, driver’s license numbers, and social security numbers.
Date Detected: 2025-01-14
Type: Data Breach
Attack Vector: Inadvertent Email
Title: California Department of State Hospitals Data Breach
Description: The California Department of State Hospitals reported a data breach on April 5, 2021, involving improper access to personal information of approximately 1,735 employees and former employees, as well as 1,217 job applicants. The breach was discovered during an investigation initiated on February 25, 2021, with no evidence of misuse of the compromised information.
Date Detected: 2021-02-25
Date Publicly Disclosed: 2021-04-05
Type: Data Breach
Title: California Department of Public Health WIC Program Data Breach
Description: The California Department of Public Health reported a data breach involving the Women, Infants, and Children (WIC) Program on September 26, 2013. The breach occurred on August 20, 2013, when a Madera County WIC employee mistakenly disclosed personal and medical information, including names and expected delivery dates, to another participant. The number of individuals affected is unknown.
Date Detected: 2013-08-20
Date Publicly Disclosed: 2013-09-26
Type: Data Breach
Attack Vector: Human Error
Vulnerability Exploited: Mistaken Disclosure
Threat Actor: Internal Employee
Motivation: Accidental
Title: California Department of Rehabilitation Data Breach (2019)
Description: The California Office of the Attorney General reported that the Department of Rehabilitation experienced a data breach involving a spreadsheet that included employee names and Social Security numbers. Approximately 12 individuals were affected, and the Department offered credit monitoring services to those impacted.
Date Detected: 2019-01-09
Date Publicly Disclosed: 2019-01-25
Type: Data Breach
Title: California Department of Social Services IHSS Data Breach (2012)
Description: The California Department of Social Services reported a security incident involving personal information relating to the In Home Supportive Services program (IHSS). The breach occurred during transit when a package containing personal information was damaged, with some contents determined missing. The number of individuals affected and specific types of information compromised are unknown.
Date Detected: 2012-05-11
Date Publicly Disclosed: 2012-05-11
Type: Data Breach (Physical Loss/Theft)
Attack Vector: Physical Theft/Loss During Transit
Title: California Department of Justice CCW Permit Data Breach
Description: The California Department of Justice reported a data breach involving the unauthorized release of personal information primarily related to individuals with concealed carry weapons (CCW) permits. Exposed data included names, dates of birth, addresses, and CCW license numbers, affecting approximately 100 individuals.
Date Detected: 2022-06-27
Date Publicly Disclosed: 2022-06-27
Type: Data Breach
Title: California Department of State Hospitals Data Breach (2021)
Description: The California Department of State Hospitals reported a data breach involving improper access to patient and employee data. The breach affected approximately 1,415 patients and 617 employees, potentially exposing COVID-19 test results and health information but no Social Security numbers or financial information. The breach occurred over multiple dates between November 6, 2020, and February 5, 2021, and was identified on February 25, 2021.
Date Detected: 2021-02-25
Date Publicly Disclosed: 2021-03-17
Type: Data Breach (Unauthorized Access)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CAL184124422
Data Compromised: Names, Dates of birth, Addresses, Covid-19-related health information
Incident : Ransomware CAL2251141222
Data Compromised: 246,000 files and 114,000 folders totaling 75.3GB
Incident : Data Breach CAL9230423
Data Compromised: Social security numbers
Incident : Data Breach CAL601072525
Data Compromised: Names, Social security numbers
Incident : Data Breach CAL733072525
Data Compromised: Names, Mailing addresses, Dates of birth, Social security numbers
Incident : Data Breach CAD846072525
Data Compromised: Names, Dates of birth, Physical descriptions, Driver license numbers
Incident : Data Breach CAL011072625
Data Compromised: Names, Client index numbers, Dates of birth, Genders
Incident : Data Breach CAL152072625
Data Compromised: Names, Addresses, Social security numbers, Health insurance details
Incident : Data Breach CAL518072625
Data Compromised: Individuals' names, Irs tax intercept amounts, Irs collection sources
Incident : Data Breach CAL543072625
Data Compromised: Names, Social security numbers, Health insurance information
Incident : Data Breach CAL619072625
Data Compromised: Names, Financial account information
Incident : Data Breach CAL416072625
Data Compromised: Names, Addresses, County case numbers, Dates of birth, Last four digits of ssns
Incident : Data Breach CAL739072625
Data Compromised: Names, Social security numbers
Incident : Data Breach CAL854072625
Data Compromised: Children's names, Addresses, Dates of birth, Card numbers, Ebt account numbers
Systems Affected: ebtEDGE Web Admin platform
Incident : Data Breach CAD921072625
Data Compromised: Patient names, Covid-19 test results, Health information, Personal information of employees and job applicants
Incident : Data Breach CAD211072725
Data Compromised: Social security numbers, Other personal information
Identity Theft Risk: High
Incident : Data Breach CAL732072725
Data Compromised: Social security numbers
Incident : Data Breach CAL902072725
Data Compromised: Names, Addresses, Social security numbers, Medical information
Incident : Data Breach CAL455072725
Data Compromised: Names, Social security numbers (ssn)
Incident : Data Breach CAL510072725
Data Compromised: Name, Date of birth, Age, Medications, Room number, Medical record number
Incident : Data Breach CAD531072825
Data Compromised: Full social security numbers, Names
Incident : Data Breach CAD749072825
Data Compromised: Names, Case numbers, Birth dates, Legal commitments, Admission dates, Unit numbers, Genders
Incident : Data Breach CAL036072925
Data Compromised: First names, Last names, Dates of birth, Addresses, Driver’s license numbers, Social security numbers
Incident : Data Breach CAD531072925
Data Compromised: Personal information
Incident : Data Breach CAL104080425
Data Compromised: Personal information, Medical information
Incident : Data Breach CAL1017090725
Data Compromised: Employee names, Social security numbers
Identity Theft Risk: High (SSNs exposed)
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Brand Reputation Impact: Potential (unknown scale)
Identity Theft Risk: Potential (unknown scale)
Incident : Data Breach CAL547091725
Data Compromised: Names, Dates of birth, Addresses, Ccw license numbers
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive permit holder data
Identity Theft Risk: High (due to exposure of PII including names, DOBs, and addresses)
Incident : Data Breach (Unauthorized Access) CAD034091825
Data Compromised: Covid-19 test results, Health information
Identity Theft Risk: Low (no SSNs or financial data exposed)
Payment Information Risk: None
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Dates Of Birth, Addresses, Covid-19-Related Health Information, , Social Security numbers, Personal Information, , Names, Mailing Addresses, Dates Of Birth, Social Security Numbers, , Names, Dates Of Birth, Physical Descriptions, Driver License Numbers, , Names, Client Index Numbers, Dates Of Birth, Genders, , Personal Information, , Individuals' Names, Irs Tax Intercept Amounts, Irs Collection Sources, , Personal Information, Health Information, , Names, Financial Account Information, , Names, Addresses, County Case Numbers, Dates Of Birth, Last Four Digits Of Ssns, , Names, Social Security Numbers, , Personal Information, , Patient Names, Covid-19 Test Results, Health Information, Personal Information Of Employees And Job Applicants, , Social Security Numbers, Other Personal Information, , Social Security numbers, Names, Addresses, Social Security Numbers, Medical Information, , Names, Social Security Numbers (Ssn), , Personal Information, Medical Information, , Full Social Security Numbers, Names, , Names, Case Numbers, Birth Dates, Legal Commitments, Admission Dates, Unit Numbers, Genders, , First Names, Last Names, Dates Of Birth, Addresses, Driver’S License Numbers, Social Security Numbers, , Personal Information, , Personal Information, Medical Information, , Personally Identifiable Information (Pii), , Personal Information (specific types unknown), Personally Identifiable Information (Pii), License/Permit Data, , Covid-19 Test Results, Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach CAL184124422
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: Citizens of California
Incident : Ransomware CAL2251141222
Entity Name: Finance Department for the state of California
Entity Type: Government
Industry: Public Administration
Location: California
Incident : Data Breach CAL9230423
Entity Name: California Department of Motor Vehicles
Entity Type: Government Agency
Industry: Government
Location: California, USA
Customers Affected: 3200
Incident : Data Breach CAL601072525
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Customers Affected: Unspecified number of individuals
Incident : Data Breach CAL733072525
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Sector
Location: California, USA
Incident : Data Breach CAD846072525
Entity Name: Riverside Probation Department
Entity Type: Government Agency
Industry: Law Enforcement
Location: Riverside, California
Incident : Data Breach CAL011072625
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: Unknown
Incident : Data Breach CAL152072625
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAL518072625
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAL543072625
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Incident : Data Breach CAL619072625
Entity Name: California Department of Justice
Entity Type: Government Agency
Industry: Law Enforcement
Location: California, USA
Incident : Data Breach CAL416072625
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 1500
Incident : Data Breach CAL739072625
Entity Name: California Department of Rehabilitation
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAL854072625
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Social Services
Location: California
Incident : Data Breach CAD921072625
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California
Customers Affected: 1,415 patients, 1,735 employees and job applicants
Incident : Data Breach CAD211072725
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California, USA
Incident : Data Breach CAL732072725
Entity Name: California Department of Health Care Services
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Incident : Data Breach CAL902072725
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: 6000
Incident : Data Breach CAL455072725
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAL510072725
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 1
Incident : Data Breach CAL540072725
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAD531072825
Entity Name: Department of State Hospitals
Entity Type: Government Agency
Industry: Healthcare
Location: California
Customers Affected: 1000
Incident : Data Breach CAD749072825
Entity Name: California Department of State Hospitals – Coalinga
Entity Type: Government
Industry: Healthcare
Location: Coalinga, California
Incident : Data Breach CAL036072925
Entity Name: California Department of Child Support Services
Entity Type: Government Agency
Industry: Public Administration
Location: California, USA
Incident : Data Breach CAD531072925
Entity Name: California Department of State Hospitals
Entity Type: Government
Industry: Healthcare
Location: California, USA
Incident : Data Breach CAL104080425
Entity Name: California Department of Public Health
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Incident : Data Breach CAL1017090725
Entity Name: California Department of Rehabilitation
Entity Type: Government Agency
Industry: Public Administration / Social Services
Location: California, USA
Customers Affected: 12 (employees)
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Entity Name: California Department of Social Services
Entity Type: Government Agency
Industry: Public Administration / Social Services
Location: California, USA
Customers Affected: Unknown (In Home Supportive Services program participants)
Incident : Data Breach CAL547091725
Entity Name: California Department of Justice
Entity Type: Government Agency
Industry: Law Enforcement / Public Safety
Location: California, USA
Customers Affected: 100
Incident : Data Breach (Unauthorized Access) CAD034091825
Entity Name: California Department of State Hospitals
Entity Type: Government Agency
Industry: Healthcare
Location: California, USA
Customers Affected: 2032
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CAL184124422
Recovery Measures: Dedicated call center set up to help affected individuals
Incident : Data Breach CAL9230423
Containment Measures: Steps were taken right away to fix the access issue
Incident : Data Breach CAL601072525
Remediation Measures: Corrective actions implemented
Incident : Data Breach CAL011072625
Remediation Measures: Issuing new Beneficiary Identification Cards
Communication Strategy: Informing affected parties
Incident : Data Breach CAL152072625
Third Party Assistance: International Business Machines (Ibm), Iron Mountain Inc..
Incident : Data Breach CAD211072725
Communication Strategy: Notification letter with recommendations for identity theft protection
Incident : Data Breach CAL1017090725
Recovery Measures: Credit monitoring services offered to affected individuals
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Communication Strategy: Public disclosure on 2012-05-11
Incident : Data Breach (Unauthorized Access) CAD034091825
Communication Strategy: Public disclosure on March 17, 2021
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through International Business Machines (IBM), Iron Mountain Inc., .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CAL184124422
Type of Data Compromised: Names, Dates of birth, Addresses, Covid-19-related health information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Ransomware CAL2251141222
Number of Records Exposed: 246,000 files and 114,000 folders
Data Exfiltration: Yes
Incident : Data Breach CAL9230423
Type of Data Compromised: Social Security numbers
Number of Records Exposed: 3200
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Incident : Data Breach CAL601072525
Type of Data Compromised: Personal information
Number of Records Exposed: Unspecified
Sensitivity of Data: High
Personally Identifiable Information: NamesSocial Security numbers
Incident : Data Breach CAL733072525
Type of Data Compromised: Names, Mailing addresses, Dates of birth, Social security numbers
Sensitivity of Data: High
Incident : Data Breach CAD846072525
Type of Data Compromised: Names, Dates of birth, Physical descriptions, Driver license numbers
Sensitivity of Data: High
Incident : Data Breach CAL011072625
Type of Data Compromised: Names, Client index numbers, Dates of birth, Genders
Number of Records Exposed: Unknown
Personally Identifiable Information: namesClient Index Numbersdates of birthgenders
Incident : Data Breach CAL152072625
Type of Data Compromised: Personal information
Sensitivity of Data: High
Personally Identifiable Information: namesaddressesSocial Security numbershealth insurance details
Incident : Data Breach CAL518072625
Type of Data Compromised: Individuals' names, Irs tax intercept amounts, Irs collection sources
Sensitivity of Data: High
Incident : Data Breach CAL543072625
Type of Data Compromised: Personal information, Health information
Sensitivity of Data: High
Incident : Data Breach CAL619072625
Type of Data Compromised: Names, Financial account information
Incident : Data Breach CAL416072625
Type of Data Compromised: Names, Addresses, County case numbers, Dates of birth, Last four digits of ssns
Number of Records Exposed: 1500
Sensitivity of Data: High
Incident : Data Breach CAL739072625
Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Incident : Data Breach CAL854072625
Type of Data Compromised: Personal information
Sensitivity of Data: High
Personally Identifiable Information: children's namesaddressesdates of birthcard numbersEBT account numbers
Incident : Data Breach CAD921072625
Type of Data Compromised: Patient names, Covid-19 test results, Health information, Personal information of employees and job applicants
Number of Records Exposed: 1,415 patient records, 1,735 employee and job applicant records
Incident : Data Breach CAD211072725
Type of Data Compromised: Social security numbers, Other personal information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach CAL732072725
Type of Data Compromised: Social Security numbers
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Incident : Data Breach CAL902072725
Type of Data Compromised: Names, Addresses, Social security numbers, Medical information
Number of Records Exposed: 2000
Sensitivity of Data: High
File Types Exposed: Microfiche
Incident : Data Breach CAL455072725
Type of Data Compromised: Names, Social security numbers (ssn)
Sensitivity of Data: High
Incident : Data Breach CAL510072725
Type of Data Compromised: Personal information, Medical information
Number of Records Exposed: 1
Sensitivity of Data: High
Personally Identifiable Information: namedate of birthagemedicationsroom numbermedical record number
Incident : Data Breach CAD531072825
Type of Data Compromised: Full social security numbers, Names
Number of Records Exposed: 1000
Sensitivity of Data: High
Personally Identifiable Information: Full Social Security NumbersNames
Incident : Data Breach CAD749072825
Type of Data Compromised: Names, Case numbers, Birth dates, Legal commitments, Admission dates, Unit numbers, Genders
Sensitivity of Data: Medium
Incident : Data Breach CAL036072925
Type of Data Compromised: First names, Last names, Dates of birth, Addresses, Driver’s license numbers, Social security numbers
Sensitivity of Data: High
Incident : Data Breach CAD531072925
Type of Data Compromised: Personal information
Number of Records Exposed: 2952
Incident : Data Breach CAL104080425
Type of Data Compromised: Personal information, Medical information
Sensitivity of Data: High
Personally Identifiable Information: NamesExpected Delivery Dates
Incident : Data Breach CAL1017090725
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: 12
Sensitivity of Data: High (includes SSNs)
File Types Exposed: Spreadsheet
Personally Identifiable Information: NamesSocial Security numbers
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Type of Data Compromised: Personal Information (specific types unknown)
Number of Records Exposed: Unknown
Sensitivity of Data: High (personal information)
Incident : Data Breach CAL547091725
Type of Data Compromised: Personally identifiable information (pii), License/permit data
Number of Records Exposed: 100
Sensitivity of Data: High (includes names, DOBs, addresses, and CCW license numbers)
Data Exfiltration: Yes (unauthorized release)
Personally Identifiable Information: Full NamesDates of BirthPhysical AddressesCCW License Numbers
Incident : Data Breach (Unauthorized Access) CAD034091825
Type of Data Compromised: Covid-19 test results, Health information
Number of Records Exposed: 2032
Sensitivity of Data: Moderate (health data, no SSNs/financial info)
Personally Identifiable Information: Partial (health data, no SSNs)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Corrective actions implemented, , Issuing new Beneficiary Identification Cards, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by steps were taken right away to fix the access issue and .
Ransomware Information
Was ransomware involved in any of the incidents ?
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Dedicated call center set up to help affected individuals, Credit monitoring services offered to affected individuals.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach CAL1017090725
Regulatory Notifications: Reported to the California Office of the Attorney General
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach CAD211072725
Recommendations: Identity theft protection measures
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Identity theft protection measures.
References
Where can I find more information about each incident ?
Incident : Data Breach CAL601072525
Source: California Department of Social Services
Date Accessed: 2023-02-16
Incident : Data Breach CAL733072525
Source: California Department of Social Services
Date Accessed: 2014-07-17
Incident : Data Breach CAL518072625
Source: California Office of the Attorney General
Date Accessed: 2022-09-13
Incident : Data Breach CAL543072625
Source: California Department of Public Health
Date Accessed: 2018-05-23
Incident : Data Breach CAL619072625
Source: California Department of Justice
Date Accessed: 2012-05-11
Incident : Data Breach CAL416072625
Source: California Department of Health Care Services
Incident : Data Breach CAL739072625
Source: California Office of the Attorney General
Date Accessed: 2017-12-07
Incident : Data Breach CAD921072625
Source: California Department of State Hospitals
Incident : Data Breach CAD211072725
Source: Notification letter
Incident : Data Breach CAL540072725
Source: California Department of Child Support Services
Incident : Data Breach CAD531072825
Source: California Office of the Attorney General
Date Accessed: 2024-02-28
Incident : Data Breach CAD749072825
Source: California Department of State Hospitals – Coalinga
Date Accessed: 2021-09-03
Incident : Data Breach CAD531072925
Source: California Department of State Hospitals
Incident : Data Breach CAL104080425
Source: California Department of Public Health
Incident : Data Breach CAL1017090725
Source: California Office of the Attorney General
Date Accessed: 2019-01-25
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Source: California Department of Social Services Public Statement
Date Accessed: 2012-05-11
Incident : Data Breach CAL547091725
Source: California Department of Justice Public Disclosure
Date Accessed: 2022-06-27
Incident : Data Breach (Unauthorized Access) CAD034091825
Source: California Department of State Hospitals Breach Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Department of Social ServicesDate Accessed: 2023-02-16, and Source: California Department of Social ServicesDate Accessed: 2014-07-17, and Source: CA DMV Data Breach ReportDate Accessed: 2015-11-06, and Source: California Office of the Attorney GeneralDate Accessed: 2022-09-13, and Source: California Department of Public HealthDate Accessed: 2018-05-23, and Source: California Department of JusticeDate Accessed: 2012-05-11, and Source: California Department of Health Care Services, and Source: California Office of the Attorney GeneralDate Accessed: 2017-12-07, and Source: California Department of State Hospitals, and Source: Notification letter, and Source: California Department of Child Support Services, and Source: California Office of the Attorney GeneralDate Accessed: 2024-02-28, and Source: California Department of State Hospitals – CoalingaDate Accessed: 2021-09-03, and Source: California Department of State Hospitals, and Source: California Department of Public Health, and Source: California Office of the Attorney GeneralDate Accessed: 2019-01-25, and Source: California Department of Social Services Public StatementDate Accessed: 2012-05-11, and Source: California Department of Justice Public DisclosureDate Accessed: 2022-06-27, and Source: California Department of State Hospitals Breach Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Investigation Status: Unknown (no follow-up details provided)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informing Affected Parties, Notification letter with recommendations for identity theft protection, Public disclosure on 2012-05-11, Public disclosure on March 17 and 2021.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach CAL1017090725
Customer Advisories: Credit monitoring services offered to affected employees
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Customer Advisories: Public notification issued to IHSS program participants (assumed)
Incident : Data Breach (Unauthorized Access) CAD034091825
Customer Advisories: Affected individuals were likely notified as part of regulatory requirements (e.g., HIPAA).
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Credit monitoring services offered to affected employees, Public notification issued to IHSS program participants (assumed), Affected individuals were likely notified as part of regulatory requirements (e.g. and HIPAA)..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach CAL518072625
Entry Point: Email
Incident : Data Breach (Unauthorized Access) CAD034091825
High Value Targets: Patient Health Data, Employee Health Data,
Data Sold on Dark Web: Patient Health Data, Employee Health Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach CAL184124422
Root Causes: Misconfiguration by a third-party contractor
Incident : Data Breach CAL601072525
Root Causes: Human Error
Corrective Actions: Corrective actions implemented
Incident : Data Breach CAL011072625
Root Causes: Computer Programming Error
Corrective Actions: Issuing New Beneficiary Identification Cards,
Incident : Data Breach CAL518072625
Root Causes: Human Error
Incident : Data Breach CAL104080425
Root Causes: Human Error
Incident : Data Breach (Physical Loss/Theft) CAL949091725
Root Causes: Physical security failure during transit of sensitive documents
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as International Business Machines (Ibm), Iron Mountain Inc., .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Corrective actions implemented, Issuing New Beneficiary Identification Cards, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Lockbit, Internal Employee, Internal Employee, Anonymous and Internal Employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-02-16.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-03-17.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2013-01-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, dates of birth, addresses, Covid-19-related health information, , 246,000 files and 114,000 folders totaling 75.3GB, Social Security numbers, , Names, Social Security numbers, , names, mailing addresses, dates of birth, Social Security numbers, , Names, Dates of Birth, Physical Descriptions, Driver License Numbers, , names, Client Index Numbers, dates of birth, genders, , names, addresses, Social Security numbers, health insurance details, , Individuals' names, IRS Tax Intercept amounts, IRS collection sources, , names, Social Security numbers, health insurance information, , Names, Financial Account Information, , names, addresses, county case numbers, dates of birth, last four digits of SSNs, , Names, Social Security Numbers, , children's names, addresses, dates of birth, card numbers, EBT account numbers, , patient names, COVID-19 test results, health information, personal information of employees and job applicants, , Social Security Numbers, Other personal information, , Social Security numbers, , names, addresses, Social Security numbers, medical information, , Names, Social Security numbers (SSN), , name, date of birth, age, medications, room number, medical record number, , Full Social Security Numbers, Names, , names, case numbers, birth dates, legal commitments, admission dates, unit numbers, genders, , First Names, Last Names, Dates of Birth, Addresses, Driver’s License Numbers, Social Security Numbers, , Personal Information, , Personal Information, Medical Information, , Employee names, Social Security numbers, , , names, dates of birth, addresses, CCW license numbers, , COVID-19 test results, health information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was ebtEDGE Web Admin platform.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was international business machines (ibm), iron mountain inc., .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Steps were taken right away to fix the access issue.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were health insurance information, county case numbers, 246,000 files and 114,000 folders totaling 75.3GB, Financial Account Information, Other personal information, dates of birth, Covid-19-related health information, name, case numbers, Social Security numbers, age, genders, Driver’s License Numbers, birth dates, Individuals' names, last four digits of SSNs, CCW license numbers, children's names, medical information, unit numbers, room number, names, patient names, Social Security numbers (SSN), First Names, Last Names, Personal Information, IRS collection sources, Physical Descriptions, EBT account numbers, admission dates, addresses, personal information of employees and job applicants, Employee names, card numbers, date of birth, Full Social Security Numbers, mailing addresses, Client Index Numbers, COVID-19 test results, Addresses, IRS Tax Intercept amounts, Social Security Numbers, legal commitments, health insurance details, medications, medical record number, Dates of Birth, Medical Information, Driver License Numbers, Names and health information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 364.5K.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Identity theft protection measures.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CA DMV Data Breach Report, California Office of the Attorney General, California Department of State Hospitals, California Department of Justice, California Department of State Hospitals – Coalinga, California Department of Social Services Public Statement, California Department of Justice Public Disclosure, California Department of Public Health, California Department of Health Care Services, California Department of Social Services, California Department of Child Support Services, Notification letter and California Department of State Hospitals Breach Notice.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Unknown (no follow-up details provided).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Credit monitoring services offered to affected employees, Public notification issued to IHSS program participants (assumed), Affected individuals were likely notified as part of regulatory requirements (e.g. and HIPAA).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Misconfiguration by a third-party contractor, Human Error, Computer Programming Error, Human Error, Human Error, Physical security failure during transit of sensitive documents.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Corrective actions implemented, Issuing new Beneficiary Identification Cards.
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=state-of-california' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
