Cyber Incident Victim: Los Angeles County
Date:
Dec 2016
Location:
United States of America
Summary
A phishing attack compromised email credentials of 108 Los Angeles County employees, enabling unauthorized access that potentially exposed personal data of over 750,000 individuals. The breach involved confidential information such as names, Social Security numbers, medical records, and financial details, though no evidence of data misuse was confirmed. A Nigerian national faced charges including identity theft and unauthorized computer access, while authorities continued investigating additional suspects. The county implemented enhanced security measures following the incident and offered affected individuals credit monitoring and identity protection services. Prosecution efforts were complicated by the need to secure evidence from third-party providers and trace digital footprints across jurisdictions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In May 2016, Los Angeles County experienced a significant email breach after 108 county employees fell victim to a phishing attack that deceived them into disclosing their usernames and passwords. This unauthorized access compromised email accounts containing confidential client and patient information due to the employees' county responsibilities. Forensic examinations revealed that approximately 756,000 individuals who had interacted with multiple county departments could have had their personal data exposed. The compromised information potentially included names, dates of birth, Social Security numbers, driver’s license or state ID numbers, payment card details, bank account information, home addresses, phone numbers, and medical data such as Medi-Cal or insurance IDs, diagnoses, treatment histories, and medical record numbers. By December 2016, Nigerian national Kelvin Onaghinor, 37, was charged with nine counts, including unauthorized computer access and identity theft, though he remained at large with authorities uncertain of his location in the US. Investigators continued searching for additional suspects linked to the attack. County officials implemented strict security measures the day after discovering the breach but delayed notifying affected individuals until December to preserve investigation confidentiality and prevent further harm.
No evidence had emerged by December 16, 2016, confirming the release of compromised data, but officials began proactive notifications on December 15. The forensic investigation faced delays due to the need to trace the attacker’s digital footprint and secure evidence from third parties like internet service providers via search warrants—a process described as time-consuming by Deputy District Attorney Donn Hoffman. The county offered free identity monitoring services, including credit monitoring, identity consultation, and restoration, to potentially affected individuals. Onaghinor faced a maximum sentence of 13 years in state prison if convicted. The breach underscored risks associated with phishing attacks targeting government employees handling sensitive data, though containment efforts prevented confirmed misuse of exposed information during the investigation period.