The Department of Toxic Substances Control is an environmental organization that works to keep toxic substances out of the waterways and from exposing residents of California. The organization audits companies and requires fixes to environmental violations.
The DTSC data breach occurred because one of the email inboxes at the organization was broken into. Once inside the inbox, an attacker was able to gather confidential information. No files were removed from the inbox, but the attacker could have taken notes of private information contained within the email account if they decided to.
The security team at DTSC discovered the data breach on March 10, 2023. At that time, the team began working to secure the network, and the organization began drafting letters to let other people know about the incident.
This Department of Toxic Substances Control breach impacts individuals that had data stored with the organization. If you had your data on file with this organization, you might have been exposed during the breach and need to take steps to protect your information.
No specific DTSC files were compromised in the breach, but some may have been viewed by the user that got into the email account. While in the account, the individual could have looked at any of the documents contained within it and could have copied down information for users with information in the email.