LOS ANGELES — The Los Angeles County Board of Supervisors unanimously voted Tuesday to study the county’s ability to protect against hackers and other cyberattacks.
Supervisor Janice Hahn proposed the review in response to reports that county employees had been the target of a phishing attack last May.
“Cyberattacks are not going away anytime soon,” Hahn said. “In fact, we should expect them to increase and become more sophisticated. We need to know where the county is vulnerable to cyberattacks and what we can do to protect the public’s sensitive and personal information.”
A report is expected back in 60 days on the feasibility of conducting comprehensive cybersecurity risk assessments of all county departments.
Hahn said she is hopeful that the work may open the door to funding countywide training on cybersecurity to help prevent future attacks.
Criminal charges were filed last month against a Nigerian national who allegedly waged a phishing email attack that targeted county employees and potentially affected more than 750,000 people.
Last May, 108 county employees were tricked into providing their user names and passwords through an email designed to look legitimate, according to a statement released last month by the county’s Chief Executive Office. Some of the workers had confidential client or patient information in their email accounts as a result of their job duties.
County officials learned about the breach the day after the attack and “immediately implemented strict security measures” and implemented new controls to minimize the risk of future phishing attacks, according to the CEO’s office.
The statement said an “exhaustive forensic examination by the county” concluded that around 756,000 individuals were “potentially impacted” through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.
“Based on intensive investigation and monitoring, there is no evidence that confidential information from any members of the public has been released because of the breach,” the statement said.
Austin Kelvin Onaghinor is charged with one felony count of accessing and using computer data to commit fraud or to control or obtain money, property or data, along with eight felony counts of unlawful transfer of identifying information for identity theft.
District Attorney Jackie Lacey has said she hopes to bring Onaghinor to Los Angeles to face justice and prosecutors have said they believe the crime involves additional perpetrators. The investigation is ongoing.
The county is offering free identity monitoring for potentially affected individuals that includes credit monitoring and has set up a call line for anyone seeking additional information on the attack. The call center can be reached weekdays between 8 a.m. and 5 p.m. at 855-330-6368.
Previous related story: Nigerian national charged in phishing e-mail attack on Los Angeles County