Authorities are searching for more suspects in the hack, which occurred in May when a phishing email deceived 108 county employees into providing usernames and passwords.
Some employees, according to officials, had “confidential client/patient information” in their email accounts through their county responsibilities.
A forensic examination found that about 756,000 individuals could have been affected through their contact with several departments, the Daily News reported on Saturday.
There was no evidence as of Friday that any confidential information was released because of the breach. But on Thursday officials began notifying people that their personal information was exposed and might have been compromised.
That information may have included first and last names, dates of birth, social security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history or medical record numbers.
The day after the attack, county officials said they had put in place strict security measures.
Notification of potentially affected people was delayed to protect the confidentiality of the investigation and to “prevent further harm”, officials said.
Deputy district attorney Donn Hoffman of the office’s cybercrime division said it could take time to investigate as the attacker’s digital footprint must be tracked and because third-parties such as internet service providers may hold essential evidence, which must be obtained through search warrants.
“That’s a time-consuming process,” he said, adding that the case was still being investigated.
The county is offering free identity monitoring for those who may have been exposed, including credit monitoring, identity consultation and identity restoration.
Onaghinor faces 13 years in state prison if convicted.
More about:
