California State Controller's Office Suffers Data BreachCalifornia State Controller's Office Suffers Data Breach
Employee unwittingly gave hacker access to email account for more than a day.
March 25, 2021
The California State Controller's Office (SCO) reported that a phishing attack led to a data breach that exposed personnel files and email contacts for more than a day.
"An employee of the California State Controller's Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account," the SCO said in a breach notice.
An unauthorized user had access to the employee's email account from 1:42pm local time on March 18 to 3:19pm on March 19. The attacker sent potentially malicious emails to some of the SCO employee's contacts.
Officials have not disclosed additional information on the extent of what was exposed in the breach, but according to KrebsOnSecurity, an anonymous source in an adjacent California state agency said the attacker had access to the phished employee's Microsoft Office 365 files. SCO officials responded to KrebsonSecurity, stating that an investigation into the attack showed "no access was made to any Office 365 files other than the employee's mailbox."
The full breach notice can be found here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023