LA County employees victim of phishing email that may have impacted 756000 – CBS News
LOS ANGELES — After seven months, Los Angeles County has disclosed that it was a victim of a phishing email attack.
The cyber-security incident happened back in May, when authorities say over 100 employees responded to a phishing email allegedly sent by the suspect, described as a Nigerian national, reports CBS Los Angeles.
The workers provided the username and passwords to the alleged scammer through an email designed to look legitimate, officials said.
“Some of those employees had confidential client/patient information in their email accounts because of their County responsibilities,” the county said in a news release. “County officials learned of the breach the next day, and immediately implemented strict security measures.”
County officials say investigators requested the delay in telling the public what happened.
“An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public works,” the county said.
Names, birth dates, Social Security numbers, driver’s license numbers, credit card numbers, bank account numbers, addresses, home phone numbers, medical treatment information are among the information that may have been compromised.
On Thursday, an arrest warrant was issued for Austin Kelvin Onaghinor, who has been charged with nine counts, including unauthorized computer access, and identity theft, authorities said.
“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey said in a statement.
The county is offering free identity monitoring for potentially affected individuals, which includes credit monitoring, identity consultation, and identity restoration.