No less than 108 employees of the Los Angeles County fell for a phishing attack that eventually exposed the details of no less than 756,000 individuals.
The County of Los Angeles Chief Executive Office confirmed the breach today, revealing that on May 13, 2016, its employees were targeted by a phishing attack launched by a Nigerian hacker. A total of 108 employees fell for the attack, opening the email and providing their usernames and passwords, even though their accounts stored confidential information.
A press release published by the county says that “there is no evidence that confidential information from any members of the public has been released because of the breach.”
The county admits that these details include first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers.
Hacker already arrested
The following departments were impacted by the breach, as their employees fell for the phishing attack and opened the malicious links included in the emails: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.
After the May 13 attack, the county started an investigation and discovered that the hacker was Austin Kelvin Onaghinor of Nigeria, who was already arrested and charged with nine counts, including unauthorized computer access and identity theft.
“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey explained.
The county says that it only started notifying individuals whose information might have been exposed on Thursday, as it wanted to keep everything secret during the investigation. A call center for those who want to make sure their data is secure is available at 1-855-330-6368, Monday – Friday, 8:00 a.m. 5:00 p.m. PST.