The Orange County Employees Association in Santa Ana, California is notifying an undisclosed number of people that their personal information, and that of their dependents, may have been accessed by hackers.
In a notification to the state, OCEA writes that the attack, which appears to have occurred as early as June 5, was detected on July 23, and may have compromised the information of OCEA members, non-members, OCEA Health & Welfare Trust participants, OCEA staff, customers of Velece Corporation, and dependents of any of these individuals.
Within hours of discovering the attack, OCEA contacted the Secret Service, who sent personnel to OCEA’s offices, and then collected and analyzed data from OCEA’s servers.
The types of information that may have been accessed includes name, address, date of birth, Social Security number, driver’s license number, payroll information, dental, vision, life, and disability enrollment information, retirement status, usernames and passwords, and dependents’ information.
Those being notified are offered credit monitoring and identity theft restoration and insurance services for one year. Those affected, for whom OCEA had current contact information, were sent email notifications on July 31, and were mailed notification letters on July 31.
OCEA has set up a dedicated call line and an FAQ on the incident at http://www.oceamember.org/cybersecurity.