​June 22, 2021 Data Breach ​Frequently Asked Questions​

​The exposure of protected health information and Personal Identifiable Information records from the Sacramento County Departments of Health Services/Behavioral Health and Child, Family & Adult Services} were identified in the investigation of a June 22, 2021 data breach. Please review the frequently asked questions regarding the incident.​

Data Breach Nam​e Verification application decommissioned as of January 10, 2023.​​


On June 22, 2021, Sacramento County was the target of a malicious phishing campaign. An unknown threat actor obtained access to several employees' credentials and began using those credentials to access the users' email accounts. An internal investigation has determined that emails within the compromised mailboxes contained sensitive information.​​

If you received a Breach Notification Letter, you were affected by this breach. If you received services from the Department of Health or the Department of Child, Family, and Adult Services you may be affected by this breach. The breached information was limited to the content contained in impacted users’.

Data Breach Name Verification application decommissioned as of January 10, 2023.​​​​

The information was limited to your first name, last name, date of birth, and medical health information such as service type, location of service, dates of service and, diagnosis/condition.​

Once the breach was identified Sacramento County removed malicious emails and reset compromised user credentials.​

To help prevent something like this from happening in the future, we have required additional verification at sign-in to County systems to make it much harder to access County systems. Additional safeguards include strengthening our policies and procedures and improving​ our Security Awareness Training.​

Yes. The breach did not contain any other information, such as Social Security number, Driver's License number, or financial account numbers, which could expose you to identity theft. However, to protect the identity of the exposed individuals and in alignment with California Law, a breach notification that includes 12 months of credit monitoring, credit resolution, and identity restoration services to all impacted individuals.

Yes. Sacramento County reported the event to the Sacramento Sheriff (Case #21-211501) and the Department of Homeland Security (Case#2021-USCERTv3142X8).​

You were not the only individual affected by this breach. There were multiple County clients affected by this breach.

You can place a fraud alert on your credit files. Simply call any one of the three credit bureaus at the numbers provided below and follow the “fraud victim" instructions. The one you call will notify the others to place the alert. When you call the credit bureau fraud line, you will be asked for identifying information and will be given the opportunity to enter a phone number for creditors to call.  You may want to make this your cell phone number.

  • Trans Union – 1-800-680-7289
  • Experian – 1-888-397-3742
  • Equifax – 1-800-525-6285

The credit bureaus ask for your Social Security number and other information in order to identify you and avoid sending your credit report to the wrong person. It is okay to give this information to the credit bureau that you call.​

No. If you call just one of the bureaus, they will notify the other two. A fraud alert will be placed on your file with all three and you will receive a confirming letter from all three.

You must first order your credit reports. When you receive your reports, each one will have a phone number you can call to speak with a live person in the bureau's fraud unit. If you see anything on any of your reports that looks unusual or that you don't understand, call the number on the report.

A fraud alert is a message that credit issuers receive when someone applies for new credit in your name. The message tells creditors that there is possible fraud associated with the account. They must take steps to verify the identity of the applicant. For example, they may call you at the phone number your provided when placing the fraud alert.

No. A fraud alert will not stop you from using your existing credit cards or other accounts. It may slow down your ability to get new credit. Its purpose is to help protect you against an identity thief trying to open credit accounts in your name. Credit issuers get a special message alerting them to the possibility of fraud. Creditors know that they should re-verify the identity of the person applying for credit.

You should still be able to get credit. While a fraud alert may slow down the application process, you can prove your identity to a prospective creditor by providing identifying information.​

Look for any accounts that you do not recognize, especially accounts opened recently. Look at the inquiries or requests section for names of creditors from whom you have not requested credit. Note that some kinds of inquiries labeled something like “promotional inquiries," are for unsolicited offers of credit, mostly from companies with whom you do business.​

You should immediately notify your local law enforcement agency, contact any creditors involved and notify the credit bureaus. For more information on what to do, see the Identity Theft Victim Checklist on the Identity Theft page of the California Office of Privacy Protection's Web site.

It might be a good idea to order copies of your credit reports every three months for a while. How long you continue to order them is up to you. Identity thieves usually, but not always, act soon after stealing personal information. We recommend checking your credit reports at least twice a year as a general privacy protection measure.