Breach, Threat Management, Data Security, Vulnerability Management

Attackers in Asia compromise data for nearly 150k in California

Hackers said to be located overseas may have compromised the personal data of tens of thousands of California residents in a computer attack that dates back to March.

Among the sensitive information that may have been accessed are the names, addresses, dates of birth and Social Security numbers of 144,493 Monterey County residents.

Each of the affected received social services assistance payments through CalFresh, MediCal, CalWorks, and Foster Care between 2002 and 2009, Elliot Robinson, director of the county Department of Social Services, told on Friday.

The incident involved attackers using Remote Desktop Protocol to penetrate a password-protected computer not in use since 2009 and previously believed to have been shut down, Robinson said, adding the hack occurred on March 17 and officials were notified that same day.

“How it was identified was by the volume of traffic coming into the network,” Robinson said, explaining officials pulled the power cord on the computer after moderators identified unknown access coming into the machine.

Monterey County officials held back from announcing the incident due to an ongoing forensic examination, during which time computer investigators used brute force to gain entry into the computer because it had been out of use for so long, Robinson said.

The lengthy collaborative investigation between state and local officials revealed that it was a power surge that caused the still network-connected machine to power on, allowing penetrators access to the system, Robinson said.

The hackers are believed to be located overseas because one of the Internet Protocol (IP) addresses was traced to a location in Hong Kong and another to a location in South Korea, Robinson said, adding he is unaware of any arrests linked to the attack.

Letters have been sent to affected individuals, alerting them of the incident, and updated security measures are being implemented to prevent any similar incidents from occurring.

“We take the privacy of people who come to us for assistance very seriously and have worked with state network administrators to assure that the method of attack used to break into this computer can't be used again,” said Robinson in a statement. “Additionally, this computer was immediately taken offline and care was taken to assure all other social services computers were behind firewalls.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.