Los Angeles County has begun notifying 756,000 individuals that may have had their personal information compromised during a phishing attack on LA County employees in mid-May this year.

The attack occurred on May 13, 2016, when 1,000 LA County employees received phishing emails. Of those employees, 10.8% were successfully phished, leaving many concerned with the large number of impacted victims by such a small phishing success rate.

The County of Los Angeles Chief Executive Office released a statement last Friday claiming the information compromised may have included first and last names, dates of birth, Social Security #’s, driver’s license and state identification numbers, payment information, bank account information, home addresses, phone numbers, and/or medical information.

Those individuals affected by this attack would have been through their contact with the Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.

Even more shocking, it took seven months for the county to disclose the breach to the public. County official took advantage of the exemption from disclosure laws that allows delayed notification if necessary to protect ongoing legal investigations. With support from the District Attorney’s Office, “notification of the potentially affected individuals was delayed to protect the confidentiality of the sensitive, ongoing investigation and prevent broader public harm.”

The LA County DA’s office also announced on Friday that they successfully completed the investigation into this incident and have filed charges against Austin Kelvin Onaghinor, a 37-year-old Nigerian national. Onaghinor is being charged with nine counts including unauthorized computer access and identity theft.

The State of California’s District Attorney General, Kamala D. Harris, released a report, The State of California Data Security Breach Reporting, earlier this year recommending the Center for Internet Security’s CIS Controls as the baseline for implementing reasonable security measures under California law. Furthermore, Harris claimed that “failure to implement all the CIS Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

As one of a handful of CIS Certified Vendors, NNT has access to security configuration benchmarks, software, metrics, and discussion forums where NNT is an essential stakeholder in collaborating on security best practices. We have leveraged these practices and resources in our products to measure and improve the security of our customers.

 

Read this article on SecurityWeek

 

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.