The city of Tucson has reported a data breach that put more than 123,500 individualsโ personal information at risk for fraudulent use.
The potentially stolen data includes individualsโ names, Social Security numbers, driverโs license or state identification numbers and passport numbers, the city says.
Tucson has sent letters to all those whose data was left vulnerable in the breach and offered a yearโs worth of credit monitoring services to help detect identity fraud and other harmful uses of personal information.
According to Principal Assistant City Attorney Roi Lusk, the city detected suspicious activity May 29 when someone hacked into a userโs account and may have copied data from the cityโs network.
The city brought on forensic specialists to examine the nature of the breach in an investigation that lasted five weeks and revealed the sensitive nature of the data potentially copied from the cityโs network and those whose information could have been leaked. Notices were mailed to affected individuals Sept. 29.
There is no indication the information leaked has been used fraudulently, according to Lusk, based on scans of the dark web in conjunction with forensic specialists and state and federal partners. For the majority of those notified, their information was left vulnerable in the breach, โwe canโt determine for certain that information even left the network,โ Lusk said.
Those the city notified their personal information was left vulnerable include current and former city employees, licensees of the city and even those who havenโt done business in the city due to a verification process the Department of Revenue conducts to ensure people arenโt operating businesses in cities where they donโt pay taxes, according to Lusk.
According to Jim Van Dyke, the senior vice president of innovation at Sontiq, an identity security company, municipal data breaches are relatively common, but the nature of Tucsonโs data leak is โpretty badโ due to the three government identifiers that were potentially leaked.
The combination of leaked Social Security, driverโs license and passport numbers increase an individualโs likelihood of new credit or loan accounts being fraudulently taken out in an individualโs name. Another risk posed by the cityโs data breach is legal evasion, where someone can attempt to steal anotherโs identity with the intent to commit unlawful activity and evade detection, according to Van Dyke.
โThis is a particular breach in which people need to take active steps to protect themselves,โ he said. Breached individuals โdefinitely should not ignore it, and if they have that feeling of helplessness, realize that thatโs common, and yet, they donโt want to let themselves get into a state of inertia. โฆ Itโs a good opportunity just to go back through some standard procedures. And in this case, walk or freeze your credit, notify law enforcement and set fraud alerts on your credit report.โ
Van Dyke said everyone who received a notice from the city should take advantage of the free credit monitoring services.
To increase the cityโs data security efforts, Lusk said Tucson is determining how the city can better protect user information in the future. The city has hired third-party forensic specialists to monitor more than 6,000 city servers, laptops and PCs used to conduct city business while enhancing monitoring systems that alert staff to security breaches.
โThe difficulty is these attacks happen all day, every day. For the most part, our IT department does a fantastic job of keeping us safe and keeping that data safe. But of course, it only takes one failure of any part of that system to cause some issues,โ Lusk said. โWeโre evolving all the departments, and weโre evolving leadership all the way down to the individual city employee to make sure that this kind of thing doesnโt happen.โ
The data breach occurred after the former head of Tucsonโs IT department Colin Boyce resigned. Lusk said interim directors took charge of managing the data breach, and new Chief Information Officer Christopher Mazzarella came on board early to aid in the efforts.
The City Council approved Mazzarellaโs hiring as the head of the cityโs IT efforts on Oct. 5. He previously led IT strategy development for Raytheon Missiles and Defense.
ICYMI: Watch the Star's top videos from the past week
New Javelina Statue unveiled along River path
Updated
Student led rally about school safety at the University of Arizona
Updated
New Mural highlights wildlife along River Walk
Updated
Pima County Board of Supervisors discusses end of Title 42
Updated
ChronicCon is canceled
Updated
Forest Service officials looking for suspect in wildfire on Mount Lemmon
Updated
A trip to Tucson's year-round farmers market at Rillito Park
Updated
Tucson police release video of fatal March 3 shootout
Updated
Take a tour of the Blue Moon Community Garden
Updated
Rep. Stahl Hamilton apologizes for hiding copies of the Bible
Updated
Arizona lawmakers propose bill to limit access to online pornography
Updated
President of TUSD board voices support for LGBTQ+ students and staff
Updated
Footage shows Rep. Stahl Hamilton moving Bibles
Updated
Mountain lion caught on doorbell camera outside Bisbee home
Updated
Time lapse: Northern Lights seen over Tucson
Updated
Trail camera catches a busy beaver on the San Pedro River