A Nigerian national has been charged in connection with a hack into Los Angeles County emails that might have exposed personal data of hundreds of thousands of people who had business with county departments, officials said Friday.
Kelvin Onaghinor of Nigeria faces nine counts related to the breach, including unauthorized computer access and identity theft, according to the Los Angeles County Chief Executive Office.
“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey vowed in a statement Friday.
The same day, the county disclosed that it was the victim of the phishing email attack.
The attack occurred May 13, 2016, when 108 county employees were deceived by an email they believed to be legitimate into providing their usernames and passwords, according to officials.
Some of those employees, according to officials at the county, had “confidential client/patient information” in their email accounts through their county responsibilities.
A forensic examination found that about 756,000 individuals could have been impacted through their contact with several departments.
They include: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works, according to county officials.
But there was no evidence that confidential information from the public has been released because of the breach.
The day after the attack, county officials said they learned of the breach and put in place strict security measures.
According to the county, directed by the District Attorney’s Office, notification of potentially affected people was delayed to protect confidentiality of the investigation and to “prevent further harm.”
On Thursday, officials began notifying people that their personal information may have been compromised.
That information may have included first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers.
The county is offering free identity monitoring for those who may have been exposed, including credit monitoring, identity consultation and identity restoration.
A call center also has also been set up for anyone seeking more information regarding the incident. The call center can be reached at 1-855-330-6368, Monday through Friday, from 8 a.m. to 5 p.m. PST.
A website has also been established to provide affected individuals with information in numerous languages. Visit www.211la.org/important-notice for more information.