DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Los Angeles County 211 exposed call logs with details

Posted on May 18, 2018 by Dissent

Another day, another leak involving sensitive information.  From the UpGuard team:

The UpGuard Cyber Risk Team can now disclose that sensitive data from the Los Angeles County 211 service, a nonprofit assistance organization described on their website as “the central source for providing information and referrals for all health and human services in LA County,” was publicly exposed online.

The contents of the downloadable files include access credentials for those operating the 211 system, email addresses for contacts and registered resources of LA County 211, and most troubling, detailed call notes. These notes describe the reason for the calls, including personally identifying information for people reporting the problem, persons in need, and, where applicable, their reported abusers. Included in the more than 3 million rows of call logs are 200,000 rows of detailed notes, including graphic descriptions of elder abuse, child abuse, and suicidal distress, raising serious, large-scale privacy concerns. In many of these cases, full names, phone numbers, addresses, and even 33,000 instances of full Social Security numbers are revealed among the data.

Read more on UpGuard.

UpGuard’s spokesperson confirmed to me that UpGuard first attempted to reach out to LA County 211 on within hours of discovering the exposure on March 14. Why, then did it take more than a month – until April 24 – for the county to get notified and do something??? I have reached back out to UpGuard to try to get more details as to why notification was not accomplished more quickly. Note that I am NOT criticizing UpGuard at all. I want to know where the county’s notification system may have broken down if it was not possible for UpGuard to quickly and effectively notify them on March 14.

Update:  So Chris Vickery filled me in more on what happened with the attempt to notify.  According to Chris, the county was called in 1 hours and 15 minutes after discovery.

“Couldn’t get a real person,” Chris told me, “so 15 minutes later I called 211 itself (the public line) and spoke to an operator. The operator took me seriously and said she would send my contact details to the proper IT contacts and also gave me an admin support email to send a message to. The support email address must be an “internal only” email address because it bounced when I sent a notification message to it. I don’t know what happened to the operators email to the supposed IT staffer. I never heard from them.”

Ugh. A colleague of Chris’s followed up eventually as the others were busy dealing with the AggregateIQ/Cambridge Analytica situation. When the colleague got a direct number for someone in IT,  they were finally able to make notification to the IT people.


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Government will 'robustly defend' compensation claims from Afghans put at risk by data breach
Category: Breach IncidentsExposureGovernment SectorHealth Data

Post navigation

← Tidal Investigating ‘Potential Data Breach’ After Reports of Inflated Subscriber and Streaming Numbers
Steward Must Convince Jury Doc Fired For HIPAA Violation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.