Central Valley Regional Center (“CVRC”) has become aware of a data security incident that may have involved the personal and protected health information of some of the individuals it serves. CVRC is sending notification letters to the potentially impacted individuals to notify them of this incident and to provide resources to assist them in protecting their information.
On July 29, 2019, CVRC learned that an unauthorized third party may have gained access to an employee’s email account. Once discovered, CVRC disabled access to the account, immediately began an investigation, and engaged a computer forensics firm to determine the scope of the incident. Based on the results of the investigation and the computer forensic firm’s findings, it was determined that CVRC employee email accounts were subject to unauthorized access on July 25–August 2, 2019. On August 12, 2019, the investigation first revealed that data containing individuals’ personal information within one or more email accounts may have also been affected. This information may have included individuals’ names, addresses and contact information, dates of birth, dates of death, Social Security numbers, driver’s license information, state identification card or other government identification numbers, Medi-Cal numbers, UCI numbers, and/or medical or health information or health insurance information. For a limited number of individuals, Taxpayer Identification numbers, financial account or payment card information, PINs or other access codes, account passwords, usernames, email addresses or electronic identifiers and the means to access the related accounts, and/or IRS PINs may have also been affected.
CRVC completed a thorough review of the affected accounts to determine whose personal information may have been impacted by the data incident, and to provide notification to those affected.
CVRC is providing letters to affected individuals within the coming days to notify them of in the incident. Notification letters will include information about the incident and steps that potentially impacted individuals can take to monitor and protect their personal information. CVRC has established a toll-free call center to answer questions about the incident and to address related concerns. The call center can be reached at 1-833-967-1095. Although CVRC is not aware at this time of the misuse of any impacted information, potentially impacted individuals are also being offered complimentary credit monitoring and/or identity protection services through ID Experts’ MyIDCare.