Scammers Went Phishing in L.A. County, But Got No Bites

More than two dozen employees received an email in December containing malware, but county information technology staff detected and contained it before the exposure of any county resident data.

Los Angeles streets
<a href="https://www.shutterstock.com/image-photo/city-los-angeles-cityscape-skyline-scenic-378268960" target="_blank">Shutterstock/logoboom</a>
Los Angeles County, California, confirmed it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data.

According to a statement emailed to Government Technology today from the Los Angeles County Chief Executive Office, the county detected malware activity on Dec. 19 from a phishing email — a scam that aims to steal a recipient’s personal information by getting them to click on a link or attachment. The phishing email came from a third party whose account and distribution list had been compromised by an unidentified attacker, and it was sent to more than two dozen county employees.

L.A. County — the most populous in the nation — has more than 40,000 personal computers, 13,000 mobile phones and 800 network locations for its government, according to its website. The Internal Services Department also supports the Countywide Integrated Radio System, which ensures critical services in an emergency.

The county’s emailed statement said the phishing attack did not impact county services.

“Due to the county’s quick response and established security controls, a more serious incident was averted,” said Bill Kehoe, Los Angeles County Chief Information Officer, in the statement. “However, as with all cyber-related incidents, the county will take immediate action to improve the overall security posture of the county.”

The statement added that Los Angeles County is still investigating the incident with help from private security partners.

These attacks are not uncommon in local government, and this was not Los Angeles County's first phishing incident in recent years. In March 2019, a phishing email targeting a Minnesota-based research company that contracts with the L.A. County Department of Health Services led to the exposure of medical information of more than 14,000 patients. In May 2016, a phishing attack directed at more than 100 Los Angeles County employees led to the exposure of Social Security numbers, names, dates of birth, payment card numbers and other personal information of about 756,000 people who had done business with county departments.

Government Technology is a sister site to Governing. Both are divisions of e.Republic.

Government Technology is Governing's sister e.Republic publication, offering in-depth coverage of IT case studies, emerging technologies and the implications of digital technology on the policies and management of public sector organizations.
Special Projects
Sponsored Stories
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?
Sponsored
As more state and local jurisdictions have placed a priority on creating sustainable and resilient communities, many have set strong targets to reduce the energy use and greenhouse gases (GHGs) associated with commercial and residential buildings.
Sponsored
As more people get vaccinated and states begin to roll back some of the restrictions put in place due to the COVID-19 pandemic — schools, agencies and workplaces are working on a plan on how to safely return to normal.
Sponsored
The solutions will be a permanent part of government even after the pandemic is over.
Sponsored
See simple ways agencies can improve the citizen engagement experience and make online work environments safer without busting the budget.
Sponsored
Whether your agency is already a well-oiled DevOps machine, or whether you’re just in the beginning stages of adopting a new software development methodology, one thing is certain: The security of your product is a top-of-mind concern.
Sponsored
The World Economic Forum predicts that by 2022, over half of the workforce will require significant reskilling or upskilling to do their jobs—and this data was published prior to the pandemic.
Sponsored
Part math problem and part unrealized social impact, recycling is at a tipping point. While there are critical system improvements to be made, in the end, success depends on millions of small decisions and actions by people.
Sponsored
Government legal professionals are finding Lexis+ Litigation Analytics from LexisNexis valuable for understanding a judge’s behavior and courtroom trends, knowing other attorneys’ track records, and ensuring success in civil litigation cases.