Notice of Data Security Incident

Post

At the City of Grass Valley, we understand the importance of protecting the information that we maintain. We are in the process of notifying individuals of an incident that involved some of their information. This notice describes the incident, the populations of individuals potentially involved, measures we have taken, and some steps that individuals involved may consider taking in response.

 

What Happened?

Grass Valley completed an investigation into unauthorized access to some of our computer systems. Upon discovering the incident, we immediately took steps to secure our network, contacted law enforcement, and began an investigation with the assistance of a cybersecurity firm. Through our investigation, we determined that an unauthorized person obtained access to certain Grass Valley computer systems between April 13, 2021 and July 1, 2021. After further investigation, we discovered that the unauthorized person transferred files outside of our network.

What Information Was Involved?

We thoroughly reviewed the data involved and, on December 1, 2021, determined that the files contained some information related to individuals associated with Grass Valley, including:

 

•          For Grass Valley employees, former employees, spouses, dependents, and individual vendors, name and one or more of the following: Social Security number, driver’s license number, and limited medical or health insurance information.

•          For individual vendors that were hired by the city, name and Social Security number.

•          For individuals whose information may have been provided to the Grass Valley Police Department, name and one or more of the following: Social Security number, driver’s license number, financial account information, payment card information, limited medical or health insurance information, passport number, and username and password credentials to an online account.

•          For individuals whose information was provided to the Grass Valley Community Development Department in loan application documents, name and one or more of the following: Social Security number, driver’s license number, financial account numbers, and payment card numbers.

 

What Can You Do?

After reviewing the available data, on January 7, 2022, we began notifying individuals whose information was involved in the incident. We recommend that all individuals whose information was involved remain vigilant for incidents of fraud or identity theft by reviewing their account statements and free credit reports for any unauthorized activity and report such activity to the financial institution and appropriate law enforcement agency.

 

What Are We Doing?

We sincerely regret that this occurred and apologize for any inconvenience or concern.  To help prevent something like this from happening again, we continue to review our systems and are taking steps to enhance our existing security protocols. In addition, to help relieve concerns and restore confidence following this incident, we are offering individuals whose Social Security number or driver’s license number was involved in the incident a complimentary one-year membership to Experian’s® IdentityWorksSM. This product helps detect possible misuse of your personal information and provides you with identity protection support. If you believe that you may have been impacted by this incident and would like to receive additional instructions on whether you are eligible for an Experian complimentary membership to credit monitoring services, please call our dedicated call center at (855) 252-3244 from 6:00 am to 8:00 pm Pacific time, Monday through Friday, and 8:00 am to 5:00 pm Pacific time, Saturday and Sunday, excluding major U.S. holidays. The Experian engagement number is B023304.

 

For More Information

If you have any questions, please call our dedicated call center at please call (855) 252-3244 from 6:00 am to 8:00 pm Pacific time, Monday through Friday, and 8:00 am to 5:00 pm Pacific time, Saturday and Sunday, excluding major U.S. holidays.