The privacy and security of the personal information we maintain are of the utmost importance to the City of Rancho Palos Verdes. We are writing to provide you with information regarding a cybersecurity incident that may have impacted your information. We want to provide you with information about the incident and let you know that we continue to take significant measures to ensure the security and integrity of Rancho Palos Verdes’ information systems.
On December 22, 2022, the City of Rancho Palos Verdes became aware of unusual activity involving a single city employee’s email account. In response, we immediately took steps to secure our digital environment and assess the potential impact of this incident. This investigation determined that between 2:25 p.m. PST and 5:20 p.m. PST, one employee’s email account may have been accessed without authorization and then used to send a phishing email to approximately 400 recipients, which included City Employees, vendors, and other email contacts. In particular, the document linked in the phishing email had the ability to capture any credentials entered into it and provide them to the threat actors. The link to that document was active only for approximately 10 minutes, between 5:15 p.m. PST and 5:25 p.m. PST, at which point the RPV IT Department disabled the phishing link and secured the compromised account.
Please note this incident was limited to information transmitted by email to this single city employee and did not impact any other City information systems. Additionally, the City is not aware of any misuse or attempted misuse of information.
What We Are Doing?
Upon learning of this issue, we immediately took steps to secure the compromised account and conducted an internal investigation to assess the nature and scope of the potential compromise.
What Information Was Involved?
Specifically, an account login credential of a single city employee was compromised. There is no indication that any sensitive or confidential information has been accessed. It has been assessed that the only activity taken by the threat actors was to share a malicious file via a mass email in an attempt to steal more credentials. We have no evidence that any sensitive or confidential information has been accessed or misused.
What You Can Do?
We have no evidence that any sensitive or confidential information has been accessed or misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident. Following basic email security best practices is enough to identify phishing email from the compromised email account. However, if you think you might have accidentally entered your account credentials on a compromised phishing email, please refer to the attached guidance for additional steps you can take to protect your personal information.
For More Information.
Please accept our apologies that this incident occurred. We remain fully committed to maintaining the security of all the City’s information systems and the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of personal information.
If you have any further questions regarding this incident, please contact the RPV IT Manager, Lukasz Buchwald at 310-544-5311 or via email at email@example.com.