SACRAMENTO, Calif. (KTXL) — Multiple agencies are responding to a cyber threat against the California Department of Finance.
While specifics are murky, the California Office of Emergency Services said hackers did not steal state funds or anyone’s tax dollars.
State officials said information is still coming in on what exactly happened, but Cal OES released a statement saying after the threat was identified, “Digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.”
Among its several responsibilities, the Department of Finance is in charge of protecting state assets and preparing the governor’s budget.
Cal OES said, “While we cannot comment on specifics of the ongoing investigation, we can share that no state funds have been compromised.”
Democratic State Senator Dave Min of Orange County has served as the chair of the Senate Select Committee on cyber security over the last two years. He appreciates the Newsom administration for investing $260 million into cyber security since the governor first took office, but Min argues more must be done.
“I will say, honestly, I was disappointed that we did not invest more in cyber security during the past two years when we had very large budget surpluses,” Min said. “Some people say you want to spend 3% of your budget on cyber security, some say your budget should be 3% on cyber security, some as high as 15-20%. That number is significant.”
A significant number he said goes not only to state-of-the-art software, but also programs like California employee training about ways to identify potential threats.
While questions remain, cybersecurity expert Eric Noonan said one thing is clear: We all play a part in protecting ourselves.
“Keep your devices updated, apply patches as you see them, and change your passwords frequently. But at the end of the day, know that you’re very much unfortunately vulnerable as the devices and the applications you use,” Noonan said. “Most of this is out of our individual control, and that’s why our governments have a regulatory rule to force businesses to raise their standards.”
The cybersecurity threat is still under investigation.
Officials are looking into who was responsible, what hackers actually got access to and how this all happened.