Cyber Incident Victim: California Department of Consumer Affairs
Date: Dec 2018
Location: United States of America
Summary
The California Department of Consumer Affairs experienced a malware attack that compromised workstations and disrupted its computer networks. In response, the department partially shut down its information network to safeguard electronic assets and consumer data while maintaining all public services. Its Office of Information Services collaborated with agencies to assess the situation and determine subsequent actions.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
On December 19, 2018, the California Department of Consumer Affairs experienced a malware attack that disrupted its computer networks and affected employee workstations during Wednesday morning operations. The attack prompted immediate protective measures, including the shutdown of portions of the department’s computer information network to safeguard electronic assets and consumer data. Despite these disruptions, all public-facing services remained operational, with no reported interruption in accessibility for consumers seeking department assistance. Veronica Harms, the department’s deputy director, confirmed these details in an official statement, emphasizing the prioritization of data security while maintaining service continuity. The incident caused internal workflow disruptions as employees lost access to affected systems, though the full scope of workstation and network impairments was not publicly quantified.

The department’s Office of Information Services assumed leadership in coordinating the response, collaborating with unspecified agencies to assess the situation and develop recovery procedures. No specifics regarding the malware’s origin, delivery mechanism, or persistence were disclosed, nor were details provided about whether consumer data was exfiltrated or merely at potential risk. Containment efforts focused on isolating compromised network segments to prevent further spread, though the timeline for full restoration of internal systems remained unclear at the time of reporting. The public statement did not address whether external cybersecurity firms or law enforcement were engaged in the investigation. Operational impacts were confined to internal department functions, with no indication of collateral disruption to other state agencies or external partners.
