Officials at the California Statewide Automated Welfare System disclosed that over 19,000 accounts in the state's BenefitsCal welfare program portal were compromised for almost a year, reports The Record, a news site by cybersecurity firm Recorded Future.
Attackers leveraging previously exposed user credentials were able to infiltrate the BenefitsCal accounts from March 1, 2023, to Feb. 13, 2024, enabling access to individuals' names, birthdates, phone numbers, Social Security numbers, and Medi-Cal and Electronic Benefits Transfer card numbers, as well as other sensitive data, said officials in breach notification documents filed with state Office of the Attorney General earlier this month. The incident has prompted not only new passwords, phone numbers, and EBT cards for the impacted individuals, but also the implementation of additional security measures, including mandatory two-step verification.
Such a development follows the Los Angeles County Department of Health Services' disclosure of a phishing attack that exposed patients' personal and health information.
