DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Almost 800,000 to be notified because more than 100 Los Angeles County employees fell for a phishing attack

Posted on December 17, 2016 by Dissent

On a single day in May, 108 Los Angeles County employees fell for a phishing attack that affected approximately 756,000 individuals. Here is the press release issued Dec. 16 from the County of Los Angeles Chief Executive Office:

The County of Los Angeles today disclosed that it was the victim of a phishing email attack that potentially affected hundreds of thousands of individuals and has resulted in felony charges against a Nigerian national.

Based on intensive investigation and monitoring, there is no evidence that confidential information from any members of the public has been released because of the breach.

The phishing incident occurred May 13, 2016, when 108 County employees were tricked into providing their usernames and passwords through an email designed to look legitimate. Some of those employees had confidential client/patient information in their email accounts because of their County responsibilities. County officials learned of the breach the next day and immediately implemented strict security measures.

An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.

The District Attorney’s Office’s Cyber Investigation Response Team was notified and launched a far-reaching probe that led on Thursday to the issuance of an arrest warrant for Austin Kelvin Onaghinor of Nigeria. He was charged with nine counts, including unauthorized computer access and identity theft.

“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey vowed in a statement.

At the direction of the District Attorney’s Office, notification of the potentially affected individuals was delayed to protect the confidentiality of the sensitive, ongoing investigation and prevent broader public harm. Law enforcement agencies are authorized to request such exemptions to notification requirements.

On Thursday, with the filing of charges, the County promptly began the notification process.

The County of Los Angeles is committed to assisting any individuals whose personal information may have been compromised in this phishing incident.

That information may have included first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers.

The County is offering free identity monitoring for potentially affected individuals. This includes credit monitoring, identity consultation and identity restoration.

A call center also has been established for anyone seeking additional information regarding the incident. The call center can be reached at 1-855-330-6368, Monday – Friday, 8:00 a.m. 5:00 p.m. PST.

Further, a website has been established to provide affected individuals with information in numerous languages. The website can be accessed at https://www.211la.org/important-notice/

Los Angeles County has gained national recognition for its aggressive pursuit of cyber criminals. As a result of this incident, the County has implemented new controls to minimize risk of future phishing attacks and has enhanced training to identify and respond to phishing attacks as part of the County’s ongoing cyber-security awareness campaign.

For more information on the District Attorney’s investigation and its Cyber Investigation Response Team, contact the agency’s Media Relations Division at (213) 257-2000.

Category: Government SectorHealth DataOf NotePhishingU.S.

Post navigation

← Three Romanian nationals indicted in cyber fraud case in which they infected 60,000 computers, sent out 11 million malicious emails and stole at least $4 million
Ameriprise leak exposes millions of dollars worth of accounts →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.