The Los Angeles County employees have become the victim of a phishing attack and as a result, the data of around 756,000 individuals has become vulnerable to exploitation. The county has confirmed that a breach was carried out after a Nigerian hacker targeted around 108 employees with phishing attacks.
It must be noted that in a phishing attack, the attacker sends out an infected file or attachment in an email or message. If the recipient opens the attachment, the virus/malware gets transferred onto the system and the computer gets infected and the attacker receives the login credentials of the computer. Then the hacker controls the computer through a server and can easily obtain the data.
According to a statement released by the County of Los Angeles Chief Executive Office, the breach occurred on May 13, 2016. The Nigerian hacker sent an email to the county’s employees and 108 employees opened the malicious email and afterward their usernames and passwords were transferred to the hacker along with confidential data stored on their computers. The county stated that currently there was no evidence whether the information has been released publicly or not.
Furthermore, the county has admitted that the information did contain confidential data including first and last names, dates of births, driver’s license number, Social Security numbers, payment card information, bank account number, state identification numbers, home addresses, phone numbers, medical information like Medi-Cal or the insurance identification numbers, treatment history, past or present diagnosis and other medical records numbers.
> Assessor > Chief Executive Office > Children and Family Services > Child Support Services > Health Services > Human Resources > Internal Services > Mental Health > Probation > Public Health > Public Library > Public Social Services > Public Works.
The county initiated an investigation soon after the attack was identified and it was learned that the hacker was from Nigeria, namely Austin Kelvin Onaghinor. It was also learned that the hacker was arrested already on 9 counts including identity theft and unauthorized computer access.
District Attorney Jackie Lacey has pledged that “my office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law.”
The affected individuals are being notified by the county but the matter is being kept under wraps because the department wants to keep it confidential until the investigation is concluded.