DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hackers stole his campaign cash, Sacramento lawmaker says

Posted on April 26, 2018 by Dissent

Taryn Luna reports on a hack and phish that may leave you wondering whether this was a politically motivated attack or just a garden variety attack.

Luna reports the the victim is Sen. Richard Pan, D-Sacramento, whose re-election campaign account was robbed in a multi-step scheme that began with a hack of his email account in February.

The hackers appeared to study the campaign’s email pattern of approving payments, pretended to be him and sent a fake invoice to his treasurer requesting $46,000 to a vaccine-related nonprofit organization in mid-February, Pan said. He said the responsible parties were able to block communications with other people to hide their trail.

The vaccine connection is what raises the possibility of possible political motivation. Luna explains:

Pan is a doctor and has drawn the ire of a fervent community of activists who oppose his legislative work to toughen vaccination requirements for school children. Pan said there’s no evidence to suggest anyone associated with the anti-vaccination movement was actually involved in the theft, but he’s suspicious given violent threats he’s endured and prior interactions with his opponents. Among other related legislation, Pan successfully removed personal belief exemptions for vaccines in 2015.

The senator’s treasurer was appropriately cautious when she received the request to send the check, but she did not know she was going back and forth in email with the criminals and not with her boss.

As a result of this incident the campaign now uses two-factor authentication for any such requests.

Read more here on SacBee.


Related:

  • IVF provider Genea notifies patients about the cyberattack earlier this year.
  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • France Travail: At least 340,000 job seekers victims of new hack
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
Category: HackMiscellaneousPhishingU.S.

Post navigation

← NZ: Vector shuts down app after privacy breach
TIMCO Aviation Services Settles Class Action Lawsuit by Employees Over 2016 W-2 Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.