LOS ANGELES – A Nigerian national has been charged in connection with a hack of Los Angeles County emails that might have exposed personal data from more than 750,000 people who had business with county departments, officials said.
Kelvin Onaghinor, 37, faces nine counts, including unauthorized computer access and identity theft, according to the Los Angeles County Chief Executive Office. He hasn't been arrested, and officials aren't sure if he is on U.S. soil.
Authorities were searching for more suspects in the hack, which occurred in May when a phishing email deceived 108 county employees into providing their usernames and passwords.
Some of those employees, according to officials, had "confidential client/patient information" in their email accounts through their county responsibilities.
A forensic examination found that about 756,000 individuals could have been affected through their contact with several departments, the Daily News reported Saturday.
There was no evidence as of Friday that any confidential information was released because of the breach. But on Thursday, officials began notifying people that their personal information was exposed and might have been compromised.
That information may have included first and last names, dates of birth, Social Security numbers, driver's license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history or medical record numbers.
The day after the attack, county officials said they learned of the breach and put in place strict security measures.
Notification of potentially affected people was delayed to protect the confidentiality of the investigation and to "prevent further harm," officials said.
Deputy District Attorney Donn Hoffman of the office's Cyber Crime Division said it can take time to investigate such cases as the attacker's digital footprint must be tracked, and because third-parties such as internet service providers often hold essential evidence, which must be obtained through search warrants.
"That's a time-consuming process," he said.
Hoffman said the case was still being investigated.
The county is offering free identity monitoring for those who may have been exposed, including credit monitoring, identity consultation and identity restoration.
Onaghinor faces 13 years in state prison if convicted.