The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach.
The incident was identified at the end of May 2022, but the city concluded its investigation only last month.
In a data breach notice on its website, the city says that the incident was the result of compromised network account credentials that allowed the attackers to access files containing the personal information of some individuals.
The exposed data included name, Social Security number, driver’s license number, state identification number, and passport number.
While the city says it has no evidence that the exposed information has been misused, such data is often sold on dark web portals or used for phishing, identity theft, and other types of attacks.
On September 23, the city started informing the impacting individuals of the data breach, and then began notifying the appropriate authorities.
The City of Tucson submitted a notification letter sample to the Maine Attorney General’s Office, saying that just over 123,500 were impacted in the incident.
The city says it was able to contain and remediate the breach soon after identifying it, and that it is also implementing additional measures to improve its cybersecurity.
Furthermore, the city announced that it is offering access to credit monitoring services to the impacting individuals, at no cost, along with guidance on how to protect themselves against identity theft and fraud.
Related: Supply Chain Attack Targets Customer Engagement Firm Comm100
Related: Optus Says ID Numbers of 2.1 Million Compromised in Data Breach
Related: Auth0 Finds No Breach Following Source Code Compromise
Related: Fast Company Hack Impacts Website, Apple News Account