Attackers in Asia compromise data for nearly 150k in California

Share this article:

Hackers said to be located overseas may have compromised the personal data of tens of thousands of California residents in a computer attack that dates back to March.

Among the sensitive information that may have been accessed are the names, addresses, dates of birth and Social Security numbers of 144,493 Monterey County residents.

Each of the affected received social services assistance payments through CalFresh, MediCal, CalWorks, and Foster Care between 2002 and 2009, Elliot Robinson, director of the county Department of Social Services, told on Friday.

The incident involved attackers using Remote Desktop Protocol to penetrate a password-protected computer not in use since 2009 and previously believed to have been shut down, Robinson said, adding the hack occurred on March 17 and officials were notified that same day.

“How it was identified was by the volume of traffic coming into the network,” Robinson said, explaining officials pulled the power cord on the computer after moderators identified unknown access coming into the machine.

Monterey County officials held back from announcing the incident due to an ongoing forensic examination, during which time computer investigators used brute force to gain entry into the computer because it had been out of use for so long, Robinson said.

The lengthy collaborative investigation between state and local officials revealed that it was a power surge that caused the still network-connected machine to power on, allowing penetrators access to the system, Robinson said.

The hackers are believed to be located overseas because one of the Internet Protocol (IP) addresses was traced to a location in Hong Kong and another to a location in South Korea, Robinson said, adding he is unaware of any arrests linked to the attack.

Letters have been sent to affected individuals, alerting them of the incident, and updated security measures are being implemented to prevent any similar incidents from occurring.

“We take the privacy of people who come to us for assistance very seriously and have worked with state network administrators to assure that the method of attack used to break into this computer can't be used again,” said Robinson in a statement. “Additionally, this computer was immediately taken offline and care was taken to assure all other social services computers were behind firewalls.”

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.