Cyber Incident Victim: City of Tucson

Date: May 2022

Location: United States of America

Summary

The City of Tucson experienced a network breach where an attacker accessed and exfiltrated files containing sensitive personal information of over 123,000 individuals. The unauthorized access occurred over a multi-week period, potentially compromising names, Social Security numbers, driver’s licenses, state identification numbers, and passport numbers. Suspicious activity was initially detected involving a compromised network account credential, with subsequent investigation confirming data exfiltration. While no misuse of the exposed information has been identified, affected individuals were notified and offered complimentary credit monitoring and identity protection services for one year. The municipality is reviewing its cybersecurity policies and implementing additional safeguards to prevent future incidents.

Description

The City of Tucson, Arizona, experienced a cybersecurity incident involving unauthorized access to its network between May 17 and May 31, 2022. Suspicious activity related to a user's network account credential was detected on May 29, prompting initial awareness of a potential breach. Forensic investigations revealed threat actors maintained network access for approximately two weeks, during which they exfiltrated an undisclosed number of files. The City confirmed on August 4, 2022, that certain files might have been copied and removed from its systems. A comprehensive review concluded on September 12, 2022, determining that personal information of 123,513 individuals was contained within the compromised files.

Impacted individuals began receiving breach notifications on September 23, 2022, advising them that exposed data included names, Social Security numbers, driver's license or state identification numbers, and passport numbers. The City found no evidence of misuse of the stolen information at the time of notification. Affected parties were instructed to monitor credit reports for suspicious activity indicative of identity theft or fraud. As remediation, the City offered 12 months of complimentary Experian credit monitoring and identity protection services. Officials publicly apologized for the incident and initiated reviews of existing cybersecurity policies while evaluating additional safeguards to prevent recurrence. No operational disruptions or financial demands from threat actors were disclosed in available reports.
