Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
California State Controller's Office Suffers Data Breach
Employee unwittingly gave hacker access to email account for more than a day.
1 Min Read
The California State Controller's Office (SCO) reported that a phishing attack led to a data breach that exposed personnel files and email contacts for more than a day.
"An employee of the California State Controller's Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account," the SCO said in a breach notice.
An unauthorized user had access to the employee's email account from 1:42pm local time on March 18 to 3:19pm on March 19. The attacker sent potentially malicious emails to some of the SCO employee's contacts.
Officials have not disclosed additional information on the extent of what was exposed in the breach, but according to KrebsOnSecurity, an anonymous source in an adjacent California state agency said the attacker had access to the phished employee's Microsoft Office 365 files. SCO officials responded to KrebsonSecurity, stating that an investigation into the attack showed "no access was made to any Office 365 files other than the employee's mailbox."
The full breach notice can be found here.
About the Author
You May Also Like
More Insights
Webinars
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024
