SACRAMENTO, Calif. (KTXL) — Hundreds of records containing personal information of Sacramento County residents were exposed in a phishing attack last year, the county said.
Sacramento County said 2,096 protected health information and 816 personal identifiable records were exposed during a cyber attack on June 22, 2021. The extent of the breach was not known until Nov. 17 when a security audit was completed.
Officials did not say how many Sacramento County employees were targeted during the phishing attack, only saying it was multiple. The county did, however, say how many login credentials were compromised: five.
According to the county, the Department of Health Services and Behavioral Health and the Department of Child, Family and Adult Services were affected by the data breach.
Those affected should have received an email on Friday alerting them about the breach and available help.
“They will have the no charge option to have one year of credit monitoring, credit resolution, and identity restoration services,” the county said.
Since the phishing attack, Sacramento County has set up two-factor authentication countywide, among taking other steps.
Actions Taken in Response to the Incident:Sacramento County
• Changed password/strengthened password requirements
• Created a new/updated Security Rule Risk Management Plan
• Implemented new technical safeguards
• Implemented periodic technical and nontechnical evaluations
• Improved physical security
• Provided individuals with free credit monitoring
• Took steps to mitigate harm
• Trained or retrained workforce members
• Implemented countywide 2 Factor Authentication
• Provided countywide Security Awareness Training
The Sacramento area saw cyberattacks a month before the county’s data breach. The FBI warned residents about ransomware attacks after a community college and a local business were targeted.