© 2023 CyberNews- Latest tech news,
product reviews, and analyses.

California state prison system suffered a cyberattack, potentially exposing sensitive medical data


Threat actors managed to access the computer system of the California Department of Corrections and Rehabilitation (CDCR), potentially impacting 236,000 people.

During a maintenance session in January 2022, CDCR noticed suspicious activity on a computer system dating back to December 2021. A multi-agency investigation later revealed that a threat actor managed to access the system.

Although the Department’s statement suggests that there was no sign of someone copying personal data, it is nonetheless “possible that someone may have looked at your information while in the system.”

The breach potentially affected 236,000 people, including staff and visitors who were tested for COVID-19 by the department from June 2020 through January 2022, as well as information about people on parole who are in substance use disorder treatment programs

It also might have included mental health information for the incarcerated population in the Mental Health Services Delivery System going as far back as 2008. For those impacted, their name, CDCR number, mental health treatment, mental health history, and mental health diagnosis could have been exposed.

The CDCR’s statement suggests that some of the accessed data included Social Security Numbers, driver’s license numbers, and trust account information.

“At this time and as a result of our forensic analysis, CDCR does not have any collaborating evidence which suggests the data exposed has been compromised or misused,” CDCR said in a statement.

In response to the breach, CDCR shut down the system and initiated a multi-agency law enforcement and forensic investigation.


More from Cybernews:

Deepfakes could facilitate real estate fraud, experts warn

Bejing wants to know about all the bugs, and it’s troubling

How China became big business for Twitter

Cruise robotaxis coming to Austin and Phoenix

Google met with €25bn lawsuit in UK and EU for anticompetitive adtech practices

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked