Los Angeles County Breach Caused When More Than 100 Employees Fall For Phishing Email

Los Angeles County has disclosed that it was a victim of a phishing email attack seven months ago, and it failed badly. Authorities say over 100 LA County employees responded to the phishing emails allegedly sent by the suspect, described as a Nigerian national.

The county workers provided their username and passwords to the alleged scammer through an email designed to look legitimate and the result is that 756,000 people have had their data breached.

“Some of those employees had confidential client/patient information in their email accounts because of their County responsibilities,” the county said in a news release. “County officials learned of the breach the next day, and immediately implemented strict security measures.”

County officials say investigators requested the delay in telling the public what happened.

“An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public works,” the county said.

Names, birth dates, Social Security numbers, driver’s license numbers, credit card numbers, bank account numbers, addresses, home phone numbers, medical treatment information are among the information that may have been compromised.

On Thursday, an arrest warrant was issued for Austin Kelvin Onaghinor, who has been charged with nine counts, including unauthorized computer access, and identity theft, authorities said.

“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey said in a statement.

The county is offering free identity monitoring for potentially affected individuals, which includes credit monitoring, identity consultation, and identity restoration.

For more information, please call 1-855-330-6368, or click through to the breach notice here.



Ready for the right solutions?

It’s time to offload your technology troubles and security stress.

"*" indicates required fields