Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    L.A. County Phishing Attack: 750,000 record data breach

    County_of_Los_Angeles_Health_Services.jpgConfidential health data or personal information of more than 750,000 people may have been accessed in a cyberattack on Los Angeles County employees in May that led to charges this week against a Nigerian national, officials have disclosed.

    The May 13 attack targeted 1,000 county employees from several departments with a phishing email. The email tricked 108 employees into providing usernames and passwords to their accounts, some of which contained confidential patient or client information, officials said.

    Most of the 756,000 people whose information may have been accessed had contact with the Department of Health Services, according to the county. A smaller amount of confidential information from more than a dozen other county departments also was compromised.
     
    “These kinds of phishing attacks are on the rise throughout society — and the county has not  been immune from that trend,” county spokesman Joel Sappell said in a statement.
     

    Among the data potentially accessed were names, addresses, dates of birth, Social Security numbers, financial information and medical records — including diagnoses and treatment history — of clients, patients or others who received services from county departments.

    In February, officials disclosed that the Department of Health Services had been targeted in ransomware attack, a type of malware that cuts off users’ access to files or threatens to destroy them unless a ransom is paid. 

    The county is offering a year of free credit and identity-theft monitoring for people affected by the May phishing attack and has set up a website and call center for those seeking information: (855) 330-6368.

    Ransomware attacks very often succeed through a phishing attack with a spoofed 'From' address. These types of attacks are hard to spot and employees tend to fall for them.

    Can Your Domain Be Spoofed?

    Can hackers spoof an email address of your own domain and get away with millions??

    Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. It's quick, easy, and often a shocking discovery. 

    Find out now if your email server is configured correctly, our tests over the last 2 years show that 82% of servers fail to handle spoofed emails correctly.
     

    Try to spoof me!

    PS, don't like to click on redirected buttons? Cut & paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

     Full story at LA Times.

     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews