Cyber Incident Victim: California Department of Finance

Date: Dec 2022

Location: United States of America

Summary

The California Department of Finance was targeted in a cyberattack claimed by the LockBit ransomware gang, which alleged theft of 75GB of data. State officials confirmed a cybersecurity incident, prompting a response from multiple agencies including the California Cybersecurity Integration Center, Department of Technology, Military Department, and Highway Patrol. While the intrusion was proactively detected and no state funds were compromised, the ransomware group's data theft claims remain under investigation. The department continued its operations preparing the Governor’s Budget despite the incident.


Description

On December 12, 2022, the California Department of Finance experienced a cybersecurity incident involving an unauthorized intrusion into its systems. State officials publicly disclosed the breach the same day, confirming the activation of a coordinated response led by the California Cybersecurity Integration Center (Cal-CSIC). The Governor’s Office of Emergency Services stated the intrusion had been proactively identified through collaboration with state and federal security partners, though initial announcements provided limited technical details about the attack vector or initial access methods. Multiple agencies joined the response effort, including the California Department of Technology, the state Military Department, and the California Highway Patrol. Officials emphasized that no state funds were compromised during the incident, allowing the Department of Finance to continue preparing the Governor’s Budget scheduled for release the following month.

The LockBit ransomware gang claimed responsibility for the attack on December 13, 2022, asserting they had exfiltrated 75GB of data from the Department of Finance. This claim emerged one day after state authorities had acknowledged the cybersecurity incident without attributing it to any specific threat actor. Cal-CSIC continued its active investigation into both the intrusion and LockBit’s data theft assertions, though state officials did not publicly confirm the validity of the ransomware group’s data exfiltration claims. The incident prompted heightened operational coordination among California’s cybersecurity response entities, though critical financial systems remained unaffected. Departmental operations persisted throughout the investigation, with no reported disruption to budget preparation timelines or public financial management functions. Response efforts focused on containment, forensic analysis, and assessing potential data exposure while maintaining continuity of government operations.
