City of Pittsburg Data Breach Affects 39,989 Individuals

On Aug. 18, 2024, the City of Pittsburg, California, discovered a data breach that impacted a portion of its digital environment. The breach occurred between Aug. 6 and Aug. 18, 2024, and affected a total of 39,989 individuals in the United States, including two Maine residents and nine Massachusetts residents.

According to official disclosures, the breach exposed a range of sensitive personally identifiable information (PII): names, Social Security numbers, driver’s license numbers, credit and debit card numbers, and financial account information.

The breach was detected when the city noticed unauthorized activity in its systems. In response, the city immediately contained the incident and engaged third-party cybersecurity specialists to investigate the scope and nature of the attack. While the specific method of intrusion and the responsible party have not been publicly detailed, the exposure of Social Security numbers, financial account details and driver’s license numbers indicates a high level of severity and risk for identity theft and financial fraud.

The city notified the public about the incident on Aug. 23, 2024, and established a dedicated call center and informational website. The investigation concluded that the breach involved individuals who may have interacted with various city departments, such as Water Utility Billing or the Business License Division.

For more details, see the Maine Attorney General’s breach disclosure, Massachusetts Attorney General’s breach disclosure and California Attorney General’s breach report.

City of Pittsburg’s response

After detecting the incident, the City of Pittsburg took immediate steps to contain and investigate the breach. They worked with external cybersecurity experts to conduct a comprehensive review of their systems and the affected data. The city also strengthened authentication protocols and deployed new technologies to improve threat detection and response capabilities. Federal law enforcement was notified as part of the response.

To support affected individuals, the city is offering 24 months of complimentary credit monitoring and identity protection services through Experian IdentityWorks. Impacted individuals received written notification by mail, which included instructions for enrolling in these services and a unique activation code. The city’s dedicated call center remains available for 90 days from the date of notification to answer questions and provide assistance.

The city has also published detailed guidance on steps individuals can take to protect themselves, such as reviewing account statements, ordering free annual credit reports, placing fraud alerts or security freezes on their credit files, and contacting the Federal Trade Commission or law enforcement if identity theft is suspected.