A sweeping data breach has reportedly exposed personal records and sensitive information belonging to thousands of people, including state employees and their contacts.
The incident was caused by an employee at the agency's Unclaimed Property Division clicking on a phishing email.
The unauthorized user had access to records in the state's Unclaimed Property Holder Reports.
The hacker also had access to the employee's Microsoft Office 365 files but the controller's office denied it.
TPRM report: https://scoringcyber.rankiteo.com/company/california-state-controllers-office
"id": "cal917622",
"linkid": "california-state-controllers-office",
"type": "Breach",
"date": "03/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'industry': 'Government',
'name': 'Unclaimed Property Division',
'type': 'Government Agency'}],
'attack_vector': 'Phishing Email',
'data_breach': {'number_of_records_exposed': 'Thousands',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Records',
'Sensitive Information']},
'description': 'A sweeping data breach has reportedly exposed personal '
'records and sensitive information belonging to thousands of '
'people, including state employees and their contacts.',
'impact': {'data_compromised': ['Personal Records', 'Sensitive Information'],
'systems_affected': ['Unclaimed Property Holder Reports',
'Microsoft Office 365 Files']},
'initial_access_broker': {'entry_point': 'Phishing Email'},
'post_incident_analysis': {'root_causes': 'Human Error'},
'title': 'Unclaimed Property Division Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}