A hacker who broke into the work e-mail addresses of Contra Costa County staff may have accessed the delicate private data of residents who sought state-run well being care protection and different types of help via the county.
And the victims apparently embody Contra Costa County supervisors Karen Mitchoff and John Gioia, in addition to Mitchoff’s mom.
The hacker focused the county’s Employment and Human Services Department, which coordinates Medi-Cal purposes, meals help and aged and little one care applications.
According to a county press launch, Social Security numbers, driver’s licenses, passports, monetary account numbers and medical insurance data are among the many data uncovered.
“We reviewed the emails and attachments that could have been accessed or downloaded and determined that emails and attachments contained information pertaining to certain County employees, as well as individuals who communicated with the County’s Employment & Human Services Department,” the county revealed in its web site.
But the county famous there’s no proof the hacker really seen or downloaded any of the data.
According to the county, an unauthorized individual accessed the workers’ emails at varied occasions final 12 months between June 24 and Aug. 12. The press launch doesn’t point out when the county detected the breach and began wanting into it, however says the investigation was accomplished March 11.
A county spokesperson couldn’t be reached to offer further particulars concerning the breach, together with the variety of e-mail addresses which will have been compromised.
Medi-Cal purposes that residents e-mail to the Employment and Human Services division embody Social Security numbers. Two of these numbers belonged to Supervisor Karen Mitchoff and her mom, who obtained letters notifying them that the numbers have been uncovered within the breach.
Contra Costa County Supervisor Karen Mitchoff and her mom’s Social Security numbers have been uncovered in a county data breach. (Anda Chu/Bay Area News Group)
Mitchoff stated Tuesday she utilized for Medi-Cal on behalf of her mom and included their Social Security numbers in paperwork she emailed to Employment and Human Services.
Because many different residents equally apply for Medi-Cal protection via that division, a complete “wealth of information” might have been uncovered, Mitchoff stated.
Gioia stated he additionally was notified that his e-mail tackle might have been breached. He isn’t positive the way it occurred, however suspects it may have been phished by a fraudulent e-mail purporting to be from a county worker.
The county is providing some assist to the victims: “We have established a dedicated, toll-free call center for individuals to call with questions about the incident, and we are also offering complimentary credit monitoring to eligible individuals who request it.”
But the supply “doesn’t take away from the fact that (the breach) causes people to be concerned about providing their personal information to a government agency,” Gioia acknowledged, saying he intends to ask questions concerning the hacking at a coming Board of Supervisors assembly.
This is the second time lately that the interior server of a county company has been breached. In 2020, the Contra Costa County public library system grew to become the goal of a ransomware assault that downed the wi-fi web networks of all 26 library branches for a month.
Past notable data breaches have prolonged to the best ranges of presidency, together with a 2020 intrusion marketing campaign into giant public businesses and personal firms that the Department of Homeland Security accused Russian hackers of finishing up.
Mitchoff, who was a longtime county worker earlier than changing into supervisor, stated her Social Security data is extra necessary than ever since she’s retiring this 12 months. But that’s only a consequence of doing enterprise on computer systems, she stated.
“These things happen, nobody likes them and I’m assured that the county is putting whatever protections in place so that this doesn’t happen again,” Mitchoff stated.
“Hackers are going to hack, to use that trope,” she added. “That’s what they love to do and it seems there’s always someone out there who wants to get into our system.”