Grass Valley CA Pwned… Data Stolen

An investigation into a data breach attack of Grass Valley, California, has discovered city employee and citizen information was exposed. The breach, which occurred between April 13th and July 1st, 2021, resulted in an attacker transferring files outside of the network, including financial and personal info of “individuals associated with Grass Valley”.

I have some commentary from Saryu Nayyar, CEO and Founder of Gurucul on this attack:

“The ability to understand users, access and entitlements are essential in determining anomalous behaviors for determining whether access to and transmissions of sensitive data is actually the work of a malicious threat actor. Moving from traditional SIEMs and XDR tools to a next generation SIEM with XDR capabilities is critical as the initial activity, before data theft occurs, can be prioritized as a high-risk event based on a baseline of what is normal as well as monitoring for deviations that are indicative of an attack campaign, especially with adaptable Machine Learning (ML) models.”

It’s pretty clear that prevention and detection are the best ways to avoid being the next Grass Valley. Thus hopefully organizations of all sizes take note of this incident and plan their defences accordingly.

UPDATE: Elizabeth Wharton who is the VP Operations of SCYTHE

Municipalities struggle to identify and respond to data breaches, as I’ve experienced first-hand in the past. They suffer significantly from the cybersecurity skills gap, often with limited budgets. The cybersecurity industry needs to give them tools that help their teams gain experience with real-world threats so that they can continuously validate their processes and technologies, but it needs to provide them at a price-point that makes sense. 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: