Cyber Incident Victim: Tessie Cleveland Community Services

On June 30, 2022, Tessie Cleveland Community Services Corp., a California-based mental health clinic, discovered unauthorized access to several employee email accounts. The breach occurred between June 17 and June 30, 2022, spanning approximately two weeks. An investigation determined that an unknown individual gained access to the email accounts during this period. The organization assessed that the intrusion was likely part of an attempt to commit business fraud against Tessie rather than targeting specific individuals' personal information. No evidence suggested the attacker sought patient data as a primary objective. Tessie Cleveland initiated an immediate review of the compromised email accounts to identify affected individuals and assess the scope of exposed information.

The review confirmed that the accessed email accounts contained client information, including names, demographic details, health insurance identification numbers, and limited information regarding care received at Tessie. Social Security numbers were exposed in some instances. The breach impacted 9,747 individuals. Tessie Cleveland stated it found no evidence of actual misuse of the exposed data but undertook measures to enhance the security of its email and network environment. Notification letters were not explicitly mentioned in the disclosure, but the organization affirmed its commitment to securing systems against future incidents. The clinic emphasized its belief that the attacker’s intent centered on financial fraud against the organization rather than identity theft targeting patients.