Cyber Threat Actor: Kelvin Onaghinor
| Actor Type | Location | Known Incidents |
Criminal
|
Nigeria
|
1 incident |
|---|
Profile
Kelvin Onaghinor, also known by the alias Kelvin Onaghinor, is a Nigerian national who has been publicly linked to a cyber intrusion targeting Los Angeles County government systems. He was charged with nine counts, including unauthorized computer access and identity theft, in connection with a phishing campaign that compromised the email credentials of county employees. The individual’s known location is Nigeria, and at the time of the charges he had not been apprehended, with authorities uncertain whether he was present on United States soil. No affiliations with state actors or criminal consortia have been established in the available reporting.
The incident attributed to Onaghinor occurred in May 2016 when a deceptive phishing email induced 108 Los Angeles County employees to reveal their usernames and passwords. This credential harvesting granted the attacker access to email accounts that contained confidential client or patient information from various county departments. A forensic analysis indicated that the personal data of approximately 756,000 individuals who had interacted with those departments could have been exposed, encompassing names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card details, bank account information, home addresses, phone numbers, and medical information such as Medi‑Cal identifiers, diagnoses, treatment histories, or record numbers. Officials stated that, as of the initial disclosure, there was no evidence that any of the compromised data had been misused, though notifications were issued to potentially affected individuals and the county provided free credit monitoring and identity protection services.
Legal proceedings against Onaghinor include the possibility of a 13‑year state prison sentence if convicted on all counts. The case has highlighted investigative challenges, particularly the need to trace digital footprints across jurisdictions and to obtain evidence from third‑party providers such as internet service providers through search warrants. Deputy District Attorney Donn Hoffman noted that gathering such evidence is a time‑consuming process, and authorities continued to search for additional suspects involved in the hack. The Los Angeles County response involved implementing enhanced security measures after the breach and delaying public notification to protect the integrity of the ongoing investigation.
This 2016 Los Angeles County email compromise serves as a representative example of the actor’s observed methodology, relying on phishing to gain initial access and subsequently exploiting privileged email accounts to harvest large volumes of personal data. The episode underscores the potential impact of credential‑theft tactics on government entities and the difficulties faced by law enforcement when pursuing cybercriminals whose operations span international borders. While only this single campaign is publicly documented, it illustrates the type of activity that has led to identity‑theft charges and significant remediation efforts by the targeted organization.
