Cyber Incident Victim: Los Angeles County
Date: Dec 2019
Location: United States of America
Summary
A phishing attack targeting Los Angeles County employees involved malware-laden emails sent via a compromised third-party account, reaching over two dozen staff members. The county's IT team detected and contained the malware activity promptly, preventing any exposure of resident data or disruption to services. While this incident did not result in compromised information, earlier phishing attacks on the county led to significant data breaches that exposed medical records and personal identifiers of hundreds of thousands of individuals. Officials emphasized that existing security controls averted more severe consequences and stated that the incident remains under investigation with external partners, alongside plans to enhance overall cybersecurity measures.
Description
On December 19, 2019, Los Angeles County's information technology staff detected malware activity originating from a phishing email sent to more than two dozen county employees. The malicious email, which contained a malware-laden link or attachment, was traced to a compromised third-party account and distribution list exploited by an unidentified attacker. County cybersecurity personnel swiftly contained the threat, preventing unauthorized access to resident data or disruption of county services. The phishing attempt aimed to steal personal information by deceiving recipients into interacting with the malicious content. Los Angeles County Chief Information Officer Bill Kehoe confirmed the attack was mitigated due to rapid response protocols and existing security controls, averting potential data exposure or operational impacts. The county’s infrastructure at the time included over 40,000 personal computers, 13,000 mobile phones, and 800 network locations supporting government operations, along with the Countywide Integrated Radio System for emergency communications.

The county initiated an investigation with assistance from private security partners to assess the attack’s scope and origin. While no resident data was compromised in this incident, the county acknowledged prior phishing-related breaches, including a March 2019 attack involving a compromised contractor that exposed medical data of 14,000 health services patients and a May 2016 incident affecting approximately 756,000 individuals’ personal information through employee-targeted phishing. Kehoe emphasized ongoing efforts to strengthen cybersecurity defenses following the December 2019 event, though no specific procedural changes or attacker motives were disclosed. The county reiterated that critical services remained unaffected throughout the incident due to containment measures.
