UPDATED 23:25 EDT / MARCH 23 2021

SECURITY

California Controller’s Office suffers data breach after employee fell for phishing email

The California State Controller’s Office is the latest victim of a data breach, with the records of about 9,000 people stolen.

The data breach was caused by a phishing attack in which an employee of the State Controller’s Office Unclaimed Property Division clicked on a link in an email they and then entered a user ID and password as prompted. Having done so, the employee provided the login details to “an unauthorized user” who then had access to the employee’s account March 18 and 19.

The stolen data involved personal information contained in unclaimed property holder reports. In addition, the State Controller’s Office also notes that the unauthorized user also sent potentially malicious emails to some of the employee’s contacts.

The State Controller’s Office noted in its data breach report that the breach was discovered promptly and access removed. A review took place and anyone who may have been affected has been notified.

Although the official statement plays down the breach, Krebs on Security reported, based on an unnamed source, that it failed to mention that the breach included access to the employee’s Microsoft Corp. Office 365 files and potentially any files shared with that account across the network. “This isn’t even the full extent of the breach,” the source told Krebs.

“Many of the most devastating cyberattacks in history have started with a link to a phishing URL,” Ralph Pisani, president at security management platform provider Exabeam Inc., told SiliconANGLE. “A carefully crafted email containing a malicious link can fool even the most security-aware of employees. As soon as it is clicked, the clock begins ticking as hackers move laterally throughout the network to extract as much information as possible.”

The adversaries were in the system only for 24 hours but were able to steal Social Security numbers and sensitive files on thousands of state workers, he added. “All of this information was used to send targeted phishing messages to at least 9,000 others and their contacts.”

Purandar Das, co-founder and chief executive officer at data security firm Sotero Inc., noted that even a seemingly innocuous malicious attack can enable attackers to gain insights and valuable information that can be used to cause long-lasting damage to consumers and organizations.

“The security focus for organizations has to evolve to be data-centric regardless of where it is stored,” Das added. “As important as perimeter security is, securing data regardless of location has to become the objective. Organizations have to start planning and deploying data-centric security solutions assuming that the perimeter can and will be breached.”

Image: California State Controller’s Office

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU