LA County 750000 people data leak was caused by Nigeria


Los Angeles County Employee database was hacked by a Nigerian early this year leading to the leak of more than 750,000 user details to the public. The details include usernames, addresses, date of birth, social security numbers, financial info and medical records. The leaked info includes data related to diagnosis and treatment history of clients, patients or others who received services from county departments.

Officials, however, refuted the media reports saying that the leaked critical info was circulated, sold or released.

The attack which took place on May 13th, 2016, targeted nearly 1K employees from several departments of LA County. It was revealed in the probe that 108 employees were tricked in this phishing scam which made them provide their usernames and passwords of their respective accounts to the scamster.

Officials from LA County said that most of the 756,000 people whose info was leaked were somehow connected to Department of Health Services.

LA County’s network security team discovered the cyber hack on May 14th, 2016 and immediately took appropriate steps to mitigate the risk. Later the cyber investigation team from FBI in association with a networking team from LA County traced the attack to be from Nigeria.

As per the latest hearing on the case, LA County Attorney Office has issued an arrest warrant against a 37-year old accused named Austin Kelvin Onaghinor.

Austin was the man who launched the phishing email cyber attack on the LA county employees and evidence of his involvement has been gained and secured by the investigators. Nine Felony accounts, including unauthorized computer access and identity theft, have been levied against him.

District Attorney Jackie Lacey said that the LA County Attorney authorities will work aggressively to bring the said criminal hacker and others to Los Angeles County to face the trial and charges. Attorney Jackie added that case will be dealt in such a way that it will give a nice lesson to those who want to initiate such cyber attacks in future.

In the meantime, email notices will be issued to people whose information was compromised during the cyber heist.

The Chief Executive Office of the county said that the public notification of the cyber attack was withheld on request of the district attorney from May this year. The attorney’s office wanted to protect the confidentiality of the sensitized subject, ongoing investigation and feared that the disclosure could have led to a broader public harm.

What’s more surprising is the fact that in Feb this year, officials from the department of health services LA said that they were victims of ransomware.

So, to win back the trust of its customers, the county has agreed to offer a year of free credit and identity monitoring for people affected by May cyber attack of Phishing.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display