The city of Tucson has reported a data breach that put more than 123,500 individualsβ personal information at risk for fraudulent use.
The potentially stolen data includes individualsβ names, Social Security numbers, driverβs license or state identification numbers and passport numbers, the city says.
Tucson has sent letters to all those whose data was left vulnerable in the breach and offered a yearβs worth of credit monitoring services to help detect identity fraud and other harmful uses of personal information.
According to Principal Assistant City Attorney Roi Lusk, the city detected suspicious activity May 29 when someone hacked into a userβs account and may have copied data from the cityβs network.
The city shut down its website and online services for two days after discovering the activity βto make sure that no additional information can be taken or any additional harm can be done,β Lusk said.
The city brought on forensic specialists to examine the nature of the breach in an investigation that lasted five weeks and revealed the sensitive nature of the data potentially copied from the cityβs network and those whose information could have been leaked. Notices were mailed to affected individuals Sept. 29.
There is no indication the information leaked has been used fraudulently, according to Lusk, based on scans of the dark web in conjunction with forensic specialists and state and federal partners. For the majority of those notified, their information was left vulnerable in the breach, βwe canβt determine for certain that information even left the network,β Lusk said.
Those the city notified their personal information was left vulnerable include current and former city employees, licensees of the city and even those who havenβt done business in the city due to a verification process the Department of Revenue conducts to ensure people arenβt operating businesses in cities where they donβt pay taxes, according to Lusk.
According to Jim Van Dyke, the senior vice president of innovation at Sontiq, an identity security company, municipal data breaches are relatively common, but the nature of Tucsonβs data leak is βpretty badβ due to the three government identifiers that were potentially leaked.
The combination of leaked Social Security, driverβs license and passport numbers increase an individualβs likelihood of new credit or loan accounts being fraudulently taken out in an individualβs name. Another risk posed by the cityβs data breach is legal evasion, where someone can attempt to steal anotherβs identity with the intent to commit unlawful activity and evade detection, according to Van Dyke.
βThis is a particular breach in which people need to take active steps to protect themselves,β he said. Breached individuals βdefinitely should not ignore it, and if they have that feeling of helplessness, realize that thatβs common, and yet, they donβt want to let themselves get into a state of inertia. β¦ Itβs a good opportunity just to go back through some standard procedures. And in this case, walk or freeze your credit, notify law enforcement and set fraud alerts on your credit report.β
Van Dyke said everyone who received a notice from the city should take advantage of the free credit monitoring services.
To increase the cityβs data security efforts, Lusk said Tucson is determining how the city can better protect user information in the future. The city has hired third-party forensic specialists to monitor more than 6,000 city servers, laptops and PCs used to conduct city business while enhancing monitoring systems that alert staff to security breaches.
βThe difficulty is these attacks happen all day, every day. For the most part, our IT department does a fantastic job of keeping us safe and keeping that data safe. But of course, it only takes one failure of any part of that system to cause some issues,β Lusk said. βWeβre evolving all the departments, and weβre evolving leadership all the way down to the individual city employee to make sure that this kind of thing doesnβt happen.β
The data breach occurred after the former head of Tucsonβs IT department Colin Boyce resigned. Lusk said interim directors took charge of managing the data breach, and new Chief Information Officer Christopher Mazzarella came on board early to aid in the efforts.
The City Council approved Mazzarellaβs hiring as the head of the cityβs IT efforts on Oct. 5. He previously led IT strategy development for Raytheon Missiles and Defense.
ICYMI: Watch the Star's top videos from the past week
New Javelina Statue unveiled along River path
Updateda new art sculpture was unveiled along the river path near Campbell Avenue. The statue features a javelina on a bike with an extra seat behind for the community to interact and sit on. Video by Pascal Albright/ Arizona Daily Star
Student led rally about school safety at the University of Arizona
UpdatedAbout 40 students and supporters showed up in front of Old Main to rally for change in school policies and administration on the University of Arizona campus, May 4. Video by Pascal Albright / Arizona Daily Star
New Mural highlights wildlife along River Walk
UpdatedA new mural is bringing color to the river walk. The new mural located near country club features vibrant depictions of Arizona wildlife. Video by Pascal Albright / Arizona Daily Star
Pima County Board of Supervisors discusses end of Title 42
UpdatedWatch now: Pima County is preparing to receive an increased number of asylum seekers when Title 42 ends on May 11. Video courtesy of Pima County
ChronicCon is canceled
UpdatedChronicCon, which had been scheduled for May 20th out at Cocoroque Ranch and Pavilion, has been canceled due to a reorganization of the Arizona Daily Star.
Forest Service officials looking for suspect in wildfire on Mount Lemmon
UpdatedForest Service Fire Investigators are trying to identify a man seen on video shooting a gun where the Molino basin wildfire started April 30. Officials are asking anyone with information to call 520-388-8343 or email the Coronado National Forest at Mailroom_R3_Coronado@usda.gov. Video courtesy of the U.S. Forest Service.
A trip to Tucson's year-round farmers market at Rillito Park
UpdatedHeirloom Farmer Markets' weekly offerings at Rillito Park near the Chuck Huckelberry Loop can be found every Sunday morning. The market's current hours are 8 a.m. to noon.
Tucson police release video of fatal March 3 shootout
UpdatedAaron Martinka, 28, was shot and killed by Tucson police after firing at them during a traffic stop near North Campbell Avenue and East Grant Road, authorities say. Video courtesy of the Pima Regional Critical Incident Team.
Take a tour of the Blue Moon Community Garden
UpdatedBlue Moon Community Garden is one of 17 gardens overseen by the nonprofit Community Gardens of Tucson. Through regular events for gardeners and neighbors, CGT aims to bring people together to grow not only healthy foods, but also relationships. Video by Caitlin Schmidt / Arizona Daily Star
Rep. Stahl Hamilton apologizes for hiding copies of the Bible
UpdatedRep. Stephanie Stahl Hamilton, D-Tucson, apologized Wednesday to colleagues for moving and hiding copies of the Bible in the House membersβ lounge, saying she was trying to make a βplayfulβ point about the separation of church and state. Video courtesy of Arizona Capitol Television.
Arizona lawmakers propose bill to limit access to online pornography
UpdatedAfter being initially shot down, a new version of State Bill 1503, is being considered by Arizona lawmakers. Video courtesy of Arizona Capitol Television.
President of TUSD board voices support for LGBTQ+ students and staff
UpdatedTucson Unified School District's Governing Board President Ravi Shah spoke in support of LGBTQ+ students and district staff members during a board meeting Tuesday. Shah also showed support for an upcoming student-led drag show at Tucson High.
Footage shows Rep. Stahl Hamilton moving Bibles
UpdatedRep. Stephanie Stahl Hamilton, D-Tucson, was recently filmed hiding copies of the Bible inside a state Capitol lounge. Video courtesy of the Arizona House of Representatives.
Mountain lion caught on doorbell camera outside Bisbee home
UpdatedA mountain lion was recently seen in Bisbee on the porch of a home about 80 miles southeast of Tucson. The Arizona Game and Fish Department asks that sightings are reported at 623-236-7201 so officials can track the movement and behavior of wildlife. Video courtesy of AZGFD.
Time lapse: Northern Lights seen over Tucson
UpdatedThis footage showing the aurora borealis was captured by a camera belonging to the NASA-funded Catalina Sky Survey at Mount Bigelow on April 23 from sundown to about 10 p.m. Video courtesy of David Rankin.
Trail camera catches a busy beaver on the San Pedro River
UpdatedThe river's beaver population is hanging on almost 25 years after being reintroduced by wildlife officials.
