Cyber Incident Victim: Housing Authority of the County of San Bernardino

On June 19, 2023, the Housing Authority of the County of San Bernardino (HACSB) identified potential unauthorized access to a single employee email account. The organization promptly reset the affected account's password and enlisted third-party forensic investigators to assess the incident's scope and nature. The investigation confirmed unauthorized access occurred within the compromised email account but found no evidence that the intruder viewed, accessed, or exfiltrated emails, attachments, files, or documents containing sensitive personally identifiable information (PII). HACSB clarified the event did not constitute a data leak or ransomware attack, with no indications of data misuse observed. Despite the absence of confirmed data exposure, HACSB reviewed the account's contents to identify individuals whose PII might have been stored within it. The organization maintained its status as the largest affordable housing provider in San Bernardino County, serving approximately 25,000 residents primarily comprising seniors, veterans, disabled individuals, and children.

HACSB notified all individuals whose PII was potentially present in the affected email account as a precautionary measure, though no evidence suggested this information was actually accessed. The organization offered affected individuals complimentary enrollment in one year of credit monitoring services. HACSB emphasized its serious approach to information security and described implementing corrective actions to prevent future incidents, though specific technical or procedural changes were not detailed publicly. No operational disruptions or additional compromised systems were reported beyond the single email account. The Housing Authority reiterated its commitment to protecting stakeholder data while continuing to provide housing services to vulnerable populations throughout the investigation and response period.