Cyber Incident Victim: Orange County Employees Association
Date: Jun 2015
Location: United States of America
Summary
The Orange County Employees Association suffered a cyberattack potentially compromising personal and dependent information of members, non-members, staff, health trust participants, affiliated customers, and their families. Exposed data included names, addresses, Social Security numbers, driver’s licenses, payroll details, health enrollment records, retirement statuses, login credentials, and dependents’ information. The organization promptly engaged federal law enforcement for forensic analysis upon detecting the breach. Affected individuals received notifications and were offered complimentary credit monitoring alongside identity theft restoration services for one year. The association established a dedicated support line and published an informational resource to address concerns related to the incident.
Description
The Orange County Employees Association (OCEA) in Santa Ana, California, discovered a cybersecurity incident on July 23, 2015, involving unauthorized access to personal information. Forensic analysis indicated the breach may have occurred as early as June 5, 2015, though the exact intrusion method remained unspecified in public disclosures. The compromise potentially affected multiple groups: OCEA members, non-members, participants in the OCEA Health & Welfare Trust, OCEA staff, customers of Velece Corporation, and dependents of these individuals. Exposed data types included names, addresses, dates of birth, Social Security numbers, driver's license numbers, payroll information, dental/vision/life/disability enrollment details, retirement statuses, usernames and passwords, and dependents' information. OCEA did not disclose the total number of affected individuals but confirmed the breach impacted both current and former associates across multiple affiliated entities.

Within hours of detection, OCEA contacted the U.S. Secret Service, which deployed personnel to OCEA's offices to collect and analyze server data. On July 31, 2015, the organization initiated notifications via email and physical mail to affected individuals for whom they held current contact information. OCEA offered impacted parties one year of credit monitoring, identity theft restoration services, and identity theft insurance through a third-party provider. The association established a dedicated call line and published an FAQ section on its member website (oceamember.org/cybersecurity) to address inquiries. No ransomware demands or explicit attacker motives were disclosed in available reports, and OCEA did not specify whether systems were fully restored or permanently taken offline following the investigation. The incident highlighted risks to employee associations managing sensitive beneficiary data across multiple stakeholder groups.
