Cyber Incident Victim: City of San Luis
Date: Feb 2023
Location: United States of America
Summary
The City of San Luis experienced unauthorized access to an employee's email account, compromising personal and health information of 6,848 individuals. Exposed data included names, addresses, driver's license numbers, health insurance details, medical information, dates of birth, and Social Security numbers. The unauthorized access continued for several weeks before it was detected; a forensic review confirmed the scope of the exposure, and notifications were sent to affected parties once their contact details had been verified.
Description
The City of San Luis, Arizona, experienced a data breach involving unauthorized access to an employee’s email account containing protected health information. Suspicious activity within the email account was first detected on March 7, 2023, prompting an immediate forensic investigation. The investigation confirmed that unauthorized individuals had accessed the account over a 23-day period, from February 1 to February 23, 2023. During this timeframe, attackers gained persistent access to emails and attachments stored within the compromised account. The forensic review of all accessible content within the account, including attachments and message bodies, concluded on May 4, 2023. This review process was necessary to identify the specific individuals impacted and the types of exposed data. Following the investigation, the City undertook a verification process to confirm mailing addresses for affected individuals before issuing breach notifications.

The breach exposed sensitive information belonging to 6,848 individuals. Compromised data included full names, residential addresses, driver’s license numbers, health insurance details, medical information, dates of birth, and Social Security numbers. The City did not specify whether the attackers exfiltrated data or merely accessed it, nor did it identify the threat actors involved. Response actions focused on notifying all affected individuals through mailed letters after completing address verification. While the City did not publicly disclose whether credit monitoring services were offered, standard breach remediation practices suggest such measures were likely implemented given the exposure of Social Security numbers and medical data. No evidence of data misuse was reported at the time of disclosure, and the City did not detail specific technical security improvements enacted following the incident beyond concluding its forensic review and notification processes.
