Cyber Incident Victim: Golden Gate Regional Center
Date: Sep 2020
Location: United States of America
Summary
Golden Gate Regional Center experienced a ransomware attack by Conti threat actors, who encrypted systems and exfiltrated sensitive data including client names, unique identifiers, service descriptions, vendor details, and financial information related to services for developmentally disabled individuals. The organization initiated an investigation upon detecting the incident, notified affected parties, and offered complimentary identity monitoring services. Conti subsequently leaked over 2,500 files spanning nearly a decade, predominantly containing routine operational records, vendor payments, and budgetary documents, though the full extent of exposed personally identifiable information remains unclear.
Description
On September 23, 2020, Golden Gate Regional Center (GGRC), a nonprofit organization providing services to individuals with developmental disabilities in Marin, San Francisco, and San Mateo counties, detected a security incident. The organization immediately assembled a response team and initiated an investigation. Conti ransomware actors claimed responsibility for encrypting GGRC’s systems and provided evidence by initially uploading over a dozen files from the organization. By September 29, DataBreaches.net had attempted to contact GGRC regarding these claims but received no response. GGRC’s investigation confirmed unauthorized access and exfiltration of sensitive data, though the specific technical methods of infiltration or encryption were not disclosed publicly. The attackers continued expanding their data dump, eventually releasing over 2,500 files spanning nearly a decade of operational records by late November 2020.

The compromised data included names, GGRC-issued unique client identifier (UCI) numbers, service descriptions or codes, vendor or service provider details, months or years of service, and cost information related to client services. GGRC publicly acknowledged the breach on November 20, 2020, via a website notification, though it did not confirm whether exfiltrated personally identifiable information had been published online. Affected individuals received notification letters outlining protective steps and were offered complimentary identity monitoring and protection services. GGRC emphasized enrollment in these services as a precaution. The leaked files largely contained routine operational documents, such as vendor payment records and budgetary materials, but the scale of the decade-long data exposure raised concerns about prolonged institutional vulnerability. Conti’s continued addition of files to their leak site indicated ongoing risks, though no further updates regarding extortion demands or data recovery efforts were disclosed by GGRC.
