A file containing personal details of San Diego Police Department employees, including individuals' names and contact information, was made available on the department's website in early January, the department confirmed to NBC 7 Wednesday.
"The San Diego Police Department became aware of a vulnerability in the department’s website that could have allowed someone to gain access to some members’ personal identifying information," department spokesman Lt. Daniel Meyer told NBC 7.
A data breach is defined by the state as any unencrypted personal information that was or is believed to have been acquired by an unauthorized person.
The department was notified of the "vulnerability" only after it received a call from someone who had located the information online, Assistant Chief Scott Wahl confirmed to NBC 7 on Wednesday.
"When this was brought to the department’s attention, the city took immediate corrective action to eliminate the vulnerability and unauthorized access to the data," Meyer added.
Some department members' information was accessed, Meyer confirmed, adding that the department was working to notify those who were affected.
As of Wednesday, the department was still in the process of determining the extent of the breach, according to Wahl.
"Affected Department members will be contacted, informed of the specific information that was potentially visible, and provided appropriate resources for remediation," Meyer said.
Wahl also confirmed that, included in the information, was data regarding COVID-19 symptomology of the members, but not data regarding vaccination status.
When asked, a spokesperson for the San Diego Police Officers Association, the union that represents a majority of department members, declined to comment on the matter since it was not the source of the breach.
Several other data breach incidents have been reported in recent years. Nearly 40,000 servicemembers had their data compromised after an unencrypted file was shared via email with a contractor in May 2023. In the October 2022, the personal information of many then-current and former SDUSD employees were released in a data breach.
Cybersecurity attacks have also affected healthcare systems, including the local Tri-City Medical Center, UC San Diego Health and San Ysidro Health systems.
