County of Orange Social Services Agency

The County of Orange Social Services Agency experienced a data breach caused by unauthorized access to sensitive personal information by a former employee. Discovered in April 2018 but reported publicly on May 13, 2021, the incident exposed highly confidential data, including Social Security Numbers (SSNs) and medical records of affected individuals. The breach involved internal misuse of access privileges, leading to the compromise of personally identifiable information (PII) and protected health information (PHI). Such data, if exploited, could result in identity theft, financial fraud, or targeted phishing attacks against victims. The delayed disclosure—spanning over three years—further heightened concerns regarding transparency and regulatory compliance. While the exact number of impacted individuals was not specified, the nature of the exposed data suggests severe risks to privacy, trust in public services, and potential legal repercussions for the agency. The incident underscores vulnerabilities in internal controls, employee monitoring, and timely breach response protocols within government-affiliated organizations.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-540834

TPRM report: https://www.rankiteo.com/company/county-of-orange

"id": "cou959091725",
"linkid": "county-of-orange",
"type": "Breach",
"date": "4/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Public Administration / Social Services',
                        'location': 'Orange County, California, USA',
                        'name': 'County of Orange Social Services Agency',
                        'type': 'Government Agency'}],
 'attack_vector': 'Unauthorized access by former employee',
 'data_breach': {'personally_identifiable_information': ['Social Security '
                                                         'Numbers',
                                                         'medical records'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': 'April 2018',
 'date_publicly_disclosed': '2021-05-13',
 'description': 'The County of Orange Social Services Agency reported a data '
                'breach involving unauthorized access to personal information '
                'by a former employee. The breach affected various sensitive '
                'information types, including Social Security Numbers and '
                'medical records.',
 'impact': {'data_compromised': ['Social Security Numbers', 'medical records'],
            'identity_theft_risk': 'High (SSNs and medical records exposed)'},
 'post_incident_analysis': {'root_causes': 'Insufficient access controls for '
                                           'former employees; lack of '
                                           'monitoring for unauthorized data '
                                           'access'},
 'references': [{'date_accessed': '2021-05-13',
                 'source': 'County of Orange Breach Notification'}],
 'response': {'communication_strategy': 'Public breach notification issued '
                                        '(May 13, 2021)'},
 'threat_actor': 'Former employee',
 'title': 'County of Orange Social Services Agency Data Breach by Former '
          'Employee',
 'type': 'Data Breach (Insider Threat)'}

County of Orange Social Services Agency

Varsity Brands Inc.: Healthcare AuthorityDeals & Corporate GovernanceDigital Health & TechnologyOtherPolicy & Compliance

OpenAI and Google: OpenAI Hit with Class-Action Privacy Lawsuit for Sharing ChatGPT Data with Google and Meta

OpenAI: The ChatGPT desktop app for Mac just got hit with a security breach