The State Controller of California is the chief financial officer of California, being the investigative authority for every dollar spent by the state, and an ex-officio member of the state’s Board of Equalization

The California State Controller’s Office became the victim of a data breach, caused by a phishing attack, that left the agency with records of 9,000 people stolen.  

The attack became possible when an employee of the State Controller’s Office Unclaimed Property Division clicked on a link received in an email

He, then proceeded to enter a user ID and password as prompted by the email, thus providing the login details to “an unauthorized user” who then was able to access freely the employee’s account on March 18 and 19.

An employee of the California State Controller’s Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account.


Personal information contained in unclaimed property was stolen and also, the State Controller’s Office noted, the unauthorized user had sent what seems to be malicious emails to some of the employee’s contacts.

The State Controller’s Office disclosed in its data breach report that the breach in question was promptly discovered, and anyone who could’ve been affected by it has been notified.

The SCO press secretary, Jennifer Hanson, declared in an email statement that:

Controller (Betty) Yee would like to take this opportunity to remind everyone that bad actors are using ever-more-convincing methods to gain access to information.
Be cautious clicking on a link or attachment you are not expecting – even if it appears to come from a trusted source. The best course of action is to check with the supposed sender first.


Even if in the official statement the breach is not treated as extremely dangerous, some cybersecurity researchers believe that the breach also gave access to the employee’s Microsoft Office 365 files and any files that were shared with that account in the network. 

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Ralph Pisani, the president of a security management platform provider believes that this is only the beginning, as the attacker managed to stay in the network for 24 hours, whilst having full access to Social Security numbers and sensitive files of thousands of state workers.

Many of the most devastating cyberattacks in history have started with a link to a phishing URL.
 A carefully crafted email containing a malicious link can fool even the most security-aware of employees. As soon as it is clicked, the clock begins ticking as hackers move laterally throughout the network to extract as much information as possible.
 All of this information was used to send targeted phishing messages to at least 9,000 others and their contacts.


The State Controller of California strongly recommends for the individuals and companies contacted by them to carefully monitor their accounts and also get in contact with the three credit bureaus and place a fraud alert on their accounts.

New Microsoft Phishing Campaign Targets Office365 Users

Leave a Reply

Your email address will not be published. Required fields are marked *