The city of Tucson is the home of the University of Arizona and is about 100 miles southeast of Phoenix. Tucson boasts “the heart of the Sonoran Desert” and has a population of 1 million.
“On May 29th, 2022, the City learned of suspicious activity involving a user’s network account credential,” a notification letter (source Bleeping Computer) sent out by Tucson stated. “The City quickly began to investigate this report and worked with third party forensic specialists to review City systems to determine the full nature and scope of this event.” The city began to send out the letters on September 23rd, 2022.
We aren't exactly sure how the breach happened at the time of writing. It could have been a phishing campaign, a too-easy password of a city official, or a targeted attack.
This breach occurred between May 17th and May 21st, 2022.
The breach impacts certain members of the Tucson community. The letters, as mentioned above, were sent out to anyone the breach might have affected.
So far, we have an estimated 123,000 people affected by the breach. These people have had their social security numbers, names, addresses, passport numbers, driver’s licenses, and state IDs revealed and possibly stolen by the bad actor. The City of Tucson has offered the affected individuals one year of Experian credit monitoring.