Employee unwittingly gave hacker access to email account for more than a day.
The California State Controller's Office (SCO) reported that a phishing attack led to a data breach that exposed personnel files and email contacts for more than a day.
"An employee of the California State Controller's Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account," the SCO said in a breach notice.
An unauthorized user had access to the employee's email account from 1:42pm local time on March 18 to 3:19pm on March 19. The attacker sent potentially malicious emails to some of the SCO employee's contacts.
Officials have not disclosed additional information on the extent of what was exposed in the breach, but according to KrebsOnSecurity, an anonymous source in an adjacent California state agency said the attacker had access to the phished employee's Microsoft Office 365 files. SCO officials responded to KrebsonSecurity, stating that an investigation into the attack showed "no access was made to any Office 365 files other than the employee's mailbox."
The full breach notice can be found here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024