Los Angeles County has begun notifying 756,000 individuals that may have had their personal information compromised during a phishing attack on LA County employees in mid-May this year.

The attack occurred on May 13, 2016 when 1,000 LA County employees received phishing emails. Of those employees, 10.8% were successfully phished, leaving many concerned with the large number of impacted victims by such a small phishing success rate.

The County of Los Angeles Chief Executive Office released a statement last Friday claiming the information compromised may have included first and last names, dates of birth, Social Security #’s, driver’s license and state identification numbers, payment information, bank account information, home addresses, phone numbers, and/or medical information.

Those individuals affected by this attack would have been through their contact with the Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.

Even more shocking, it took seven months for the county to disclose the breach to the public. County official took advantage of the exemption from disclosure laws that allows delayed notification if necessary to protect ongoing legal investigations. With support from the District Attorney’s Office, “notification of the potentially affected individuals was delayed to protect the confidentiality of the sensitive, ongoing investigation and prevent broader public harm.”

The LA County DA’s office also announced on Friday that they successfully completed the investigation into this incident and have filed charges against Austin Kelvin Onaghinor, a 37 year old Nigerian national. Onaghinor is being charged with nine counts including unauthorized computer access and identity theft.

The State of California’s District Attorney General, Kamala D. Harris, released a report, The State of California Data Security Breach Reporting, earlier this year recommending the Center for Internet Security’s Critical Security Controls (CIS) as the baseline for implementing reasonable security measures under California law. Furthermore, Harris claimed that “failure to implement all the CIS Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

As one of a handful of CIS Certified Vendors, NNT has access to security configuration benchmarks, software, metrics, and discussion forums where NNT is an essential stakeholder in collaborating on security best practices. We have leveraged these practices and resources in our products to measure and improve the security of our customers.

 

Read this article on SecurityWeek

 

 

NNT Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email[email protected]
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email[email protected]
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.