Data Breach Suffered by the California Controller’s Office
The breach was caused by a phishing attack in which an employee fell for a phishing email.
The State Controller of California is the state’s chief financial officer, the investigative authority for every dollar spent by the state, and an ex-officio member of the state’s Board of Equalization.
The California State Controller’s Office became the victim of a data breach caused by a phishing attack, in which the records of 9,000 people were stolen.
The attack became possible when an employee of the State Controller’s Office Unclaimed Property Division clicked on a link received in an email.
He then proceeded to enter a user ID and password as prompted by the email, thus providing the login details to “an unauthorized user,” who was then able to freely access the employee’s account on March 18 and 19.
An employee of the California State Controller’s Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account.
Personal information contained in unclaimed property was stolen, and the State Controller’s Office also noted that the unauthorized user had sent what seem to be malicious emails to some of the employee’s contacts.
The State Controller’s Office disclosed in its data breach report that the breach in question was promptly discovered, and anyone who could’ve been affected by it has been notified.
The SCO press secretary, Jennifer Hanson, declared in an email statement that:
Controller (Betty) Yee would like to take this opportunity to remind everyone that bad actors are using ever-more-convincing methods to gain access to information.
Be cautious clicking on a link or attachment you are not expecting – even if it appears to come from a trusted source. The best course of action is to check with the supposed sender first.
Although the official statement does not treat the breach as extremely dangerous, some cybersecurity researchers believe that the breach also gave access to the employee’s Microsoft Office 365 files and any files that were shared with that account in the network.
Ralph Pisani, the president of a security management platform provider, believes that this is only the beginning, as the attacker managed to stay in the network for 24 hours while having full access to Social Security numbers and sensitive files of thousands of state workers.
Many of the most devastating cyberattacks in history have started with a link to a phishing URL.
A carefully crafted email containing a malicious link can fool even the most security-aware of employees. As soon as it is clicked, the clock begins ticking as hackers move laterally throughout the network to extract as much information as possible.
All of this information was used to send targeted phishing messages to at least 9,000 others and their contacts.
The State Controller of California strongly recommends that the individuals and companies it has contacted carefully monitor their accounts, get in contact with the three credit bureaus, and place a fraud alert on their accounts.