Technical data

Hundreds of personal records exposed in data breach

SACRAMENTO, Calif. (KTXL) — Hundreds of records containing personal information about Sacramento County residents were exposed in a phishing attack last year, the county said.

Sacramento County said 2,096 protected health information and 816 identifiable personal records were exposed in a cyberattack on June 22, 2021. The extent of the breach was not known until November 17, when an audit security has been completed.

Officials did not specify how many Sacramento County employees were targeted in the phishing attack, saying only that it was several. The county, however, indicated how many login credentials were compromised: five.

According to the county, the Department of Health Services and Behavioral Health and the Department of Child, Family and Adult Services were affected by the data breach.

Those affected should have received an email on Friday alerting them to the breach and the help available.

“They will have the free option of having one year of credit monitoring, credit resolution and identity restoration services,” the county said.

Since the phishing attack, Sacramento County has implemented countywide two-factor authentication, among other measures.

Actions taken in response to the incident:
• Changed/Strengthened Password Requirements
• Creation of a new/updated security rules risk management plan
• Implementation of new technical safeguards
• Implementation of periodic technical and non-technical evaluations
• Improved physical security
• Provides individuals with free credit monitoring
• Took steps to mitigate the damage
• Trained or retrained staff members
• Implemented 2-factor authentication across the county
• Provision of security awareness training throughout the county

Sacramento County

The Sacramento area experienced cyberattacks a month before the county’s data breach. The FBI has warned residents of ransomware attacks after a community college and a local business were targeted.