L.A. County Confirms Phishing Attack, No Services Disrupted

More than two dozen employees received an email in December containing malware, but county information technology staff detected and contained it before the exposure of any county resident data.

Los Angeles County confirmed it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data.

According to a statement emailed to Government Technology today from the Los Angeles County Chief Executive Office, the county detected malware activity on Dec. 19 from a phishing email — a scam that aims to steal a recipient’s personal information by getting them to click on a link or attachment. The phishing email came from a third party whose account and distribution list had been compromised by an unidentified attacker, and it was sent to more than two dozen county employees.

L.A. County — the most populous in the nation — has more than 40,000 personal computers, 13,000 mobile phones and 800 network locations for its government, according to its website. The Internal Services Department also supports the Countywide Integrated Radio System, which ensures critical services in an emergency.

The county’s emailed statement said the phishing attack did not impact county services.

“Due to the county’s quick response and established security controls, a more serious incident was averted,” said Bill Kehoe, Los Angeles County Chief Information Officer, in the statement. “However, as with all cyber-related incidents, the county will take immediate action to improve the overall security posture of the county.”

The statement added that Los Angeles County is still investigating the incident with help from private security partners.

These attacks are not uncommon in local government, and this was not Los Angeles County's first phishing incident in recent years. In March 2019, a phishing email targeting a Minnesota-based research company that contracts with the L.A. County Department of Health Services led to the exposure of medical information of more than 14,000 patients. In May 2016, a phishing attack directed at more than 100 Los Angeles County employees led to the exposure of Social Security numbers, names, dates of birth, payment card numbers and other personal information of about 756,000 people who had done business with county departments.

Andrew Westrope is managing editor of the Center for Digital Education. Before that, he was a staff writer for Government Technology, and previously was a reporter and editor at community newspapers. He has a bachelor’s degree in physiology from Michigan State University and lives in Northern California.