LOS ANGELES – County officials Friday announced criminal charges against a Nigerian national who allegedly waged a phishing e-mail attack that targeted Los Angeles County employees and potentially affected more than 750,000 people.
“Based on intensive investigation and monitoring, there is no evidence that confidential information from any members of the public has been released because of the breach,” according to a statement released by Los Angeles County’s Chief Executive Office.
Los Angeles County officials said that 108 county employees were tricked May 13 into providing their user names and passwords through an e-mail designed to look legitimate, and that some of the workers had confidential client or patient information in their e-mail accounts as a result of their county duties.
County officials learned about the breach the following day and “immediately implemented strict security measures” and implemented new controls to minimize the risk of future phishing attacks, authorities said.
“An exhaustive forensic examination by the county has concluded that approximately 756,000 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works,” according to the statement.
The county “promptly began the notification process” Thursday after an arrest warrant was issued for Austin Kelvin Onaghinor of Nigeria, and had delayed notifying potentially affected individuals at the direction of the Los Angeles County District Attorney’s Office to protect the confidentiality of the investigation, according to the statement.
Onaghinor is charged with one felony count of accessing and using computer data to commit fraud or to control or obtain money, property or data, along with eight felony counts of unlawful transfer of identifying information for identity theft, according to the felony complaint for arrest warrant.
“We’re exploring all possibilities to bring him back to Los Angeles,” said Deputy District Attorney Donn Hoffman.
The prosecutor noted that the quality of the phishing e-mails was “very good” and said the e-mails were “persuasive.”
“There certainly are other people involved,” Hoffman said. “This kind of crime really isn’t a single-person operation so much.”
He said the investigation is continuing and that he is hopeful others will be prosecuted.
Los Angeles County District Attorney Jackie Lacey said in a statement that her office has “devoted significant resources to developing cutting-edge expertise and relationships that allow us to hold transnational cyber-criminals accountable.”
“My office will work aggressively to bring this criminal hacker and others to Los Angeles County where they will be prosecuted to the fullest extent of the law,” Lacey said.
The county noted that it is committed to helping anyone whose personal information — including first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank information, home addresses and phone numbers — may have been compromised by the phishing attack
The county is offering free identity monitoring for potentially affected individuals that includes credit monitoring.
The county has also offered a call station for anyone seeking additional information about the phishing attack. The call center can be reached Monday through Friday, between 8 a.m. and 5 p.m. PST at 855-330-6368.
A website has also been established at https://www.211la.org/important-notice/.
–
KJH says
LA County DA needs to expend resources locally, investigating crimes that are reachable here in the U.S. I’ll bet they will use the new CRU (Conviction Review Unit), then some wanna be Russian civil attorney from the innocence project, and no criminal trial experience will get the Nigerian exonerated a few years down the road. DA’s should pass the information to FBI or US Marshal ‘ s Service and let the feds handle international crime.
callingitasitis says
Every government agency have a clearly stated in writing policies & protocols. No sharing your passwords & personal information. Yet, they these county employees did the very thing they are instructed NOT to do? Really, who is training these people? This mess is another taxpayer burden clean up. I though the Los Angeles County government would be better protected from stupid acts of its employees? How well are they protecting the public information???
Rob says
As someone who works in the computer security industry I can honestly say that no matter how much you explain to users not to share their usernames and passwords they still do. Most of them get complacent and think that it will never happen, and sometimes they are afraid of getting in trouble because the emails look official and sometimes promise disciplinary action. Frequency in training reduces the number of potential victims but it won’t get to 100%, people will still mess up.
Luisa says
I’m sure those employees that gave their info were followers of Killary Clinton….duh!!!!
languedoc says
quel jerk!
james smith says
ever notice how some races of people are soo dishonest and corrupt?
languedoc says
as if you could tell conclusively by “noticing”–what exactly are you trying to say?
be very specific.
and what’s w/ the “soo”–you sound like a 14 year old girl.
Be equal says
Yeah all white people are like that
Devil Woman says
I wonder what the mayor of Lancaster email say