San Bernardino housing authority cyberattack affected nearly 19,000 people

The housing authority in California’s San Bernardino County notified nearly 19,000 people this week that their information was compromised in a June cyberattack.

The organization said names and Social Security numbers were leaked after hackers accessed an employee email account on June 19.

“Upon discovery, we immediately performed a password reset for the affected account and engaged a third-party team of forensic investigators in order to determine the full nature and scope of the incident. Following a full and thorough investigation, it was confirmed that one employee email account was subject to unauthorized access during this incident,” they said.

“Following a thorough review, [Housing Authority of the County of San Bernardino] confirmed that a limited amount of information may have been accessed by an unauthorized third-party in connection with this incident.”

The organization sent notices to regulators in Maine and California. The 18,689 people affected will get one year of free credit monitoring services.

HACSB has operated for more than 80 years and now serves about 26,000 people — most of whom are seniors, individuals with disabilities, veterans and children.

It provides rental assistance to low-income families either by housing families in units HACSB owns and manages or by providing subsidized housing assistance to a landlord for renting their housing unit to families.

The San Bernardino County’s sheriff's department spent weeks last year recovering from a ransomware attack.

HACSB is the latest housing authority in the U.S. to face attacks by hackers. North Carolina’s Raleigh Housing Authority was attacked by ransomware hackers in August 2023, and the Housing Authority of the City of Los Angeles (HACLA) was targeted by the LockBit ransomware group last January.

The same LockBit gang claimed it attacked the Chattanooga Housing Authority in November, but the attack was never confirmed by city officials, and the Indianapolis Housing Agency dealt with its own ransomware attack in October 2022.

The attack in Indianapolis leaked the information of more than 200,000 people, including Social Security numbers and more. The Cuyahoga Metropolitan Housing Authority in Cleveland also had data stolen during a ransomware attack in 2021.