L.A. County Phished – 750,000 People Compromised
L.A. County was recently phished. This is really no different than you or your company being phished other than the fact that the damage could be a bit worse.
In the case of Los Angeles County, In May 2016 one thousand employees were phished. Apparently, over 100 employees thought the phishing emails were legit and gave the hacker their userid and password.
Those 108 employees represented a little over 10% of the employees.
If one employee falls for the phishing email it can be bad news. If a hundred employees fall for it, it can be chaos.
In the case of L.A., they have been investigating this attack for the last 7 months and as a result, they opted not to tell people that their information had been compromised.
Now that law enforcement has tracked the attack back to Nigeria, they have issued an arrest warrant for Austin Kelvin Onaghinor. Whether he will ever be caught is unknown. If he is caught, will be be extradited? If he is extradited, will he be convicted? There are a LOT of unknowns.
The county is finally sending out notices to the more than 750,000 people impacted. Most of them had contact with Department of Health Services, but some of them had contact with other departments.
Among the information taken was names, addresses, birth dates, social security numbers, financial information and medical records including diagnoses and treatment history.
The county is offering victims a year of credit and identity theft monitoring.
L.A. County is just one now very public example of what happens when people fall for phishing attacks. If a company has 250 employees and 10% fall for a phishing attack, the damage can be significant. If the company is larger – say a thousand employees – and a hundred of them have their passwords compromised – just think about the amount of damage that can be done.
Is your company prepared for an attack like this? Are your employees going to fall for the kind of phishing emails that the L.A. County employees did? Is your company prepared for the expenses of dealing with an attack like this?
Information for this post came from the L.A. Times.
[TAG:BREACH]
by 