June 24, 2024 at 09:57AM
The Los Angeles County Department of Health Services (DHS) revealed a data breach resulting from a push notification spamming attack on an employee’s Microsoft 365 account. Personal information may have been compromised, including names, addresses, Social Security numbers, and medical data. The DHS took immediate action to mitigate the breach and is offering identity monitoring services to impacted individuals.
From the meeting notes, it is clear that the Los Angeles County Department of Health Services (DHS) suffered a data breach due to an employee falling victim to a push notification spamming attack. The breach involved the compromise of personal information such as names, dates of birth, addresses, phone numbers, email addresses, government IDs, Social Security numbers, health insurance information, and medical information.
Upon discovery of the phishing attack, DHS took immediate actions such as disabling the impacted email account, resetting and reimaging the user’s device(s), blocking websites associated with the phishing campaign, and quarantining suspicious incoming emails. The agency also announced that it would provide potentially impacted individuals with one year of free identity monitoring services. Furthermore, it is unclear how many individuals might have been affected by this breach and whether it is related to a previous incident that occurred in February 2024.
Additionally, it was mentioned that SecurityWeek has reached out to the LA County DHS for more information on the incident and will update the article with any further details.
If you need any further assistance or summaries on other topics, feel free to ask!