Kelvin Onaghinor, 37, is charged with a hack of Los Angeles County emails. The breach potentially exposed personal information from over 750,000 people. The Nigerian man faces 9 counts, such as unauthorized computer access, identity theft and others, according to the office of the Los Angeles County chief executive. The hacker has not been arrested, and it is unknown whether he is on US soil. Onaghinor faces 13 years in prison if convicted.

In the meantime, the US authorities are searching for more suspects in the hack, which took place in May 2016. A phishing email sent by the hackers deceived more than hundred county employees into providing their usernames and passwords, and some of them had confidential client information in their email accounts. As a result, as many as 756,000 people are potentially affected through their contact with several departments. Although there is no evidence that any confidential information was released, the officials still started notifying people of the exposure and potential leak.

Security experts explain that affected information may include names, dates of birth, home addresses, phone numbers, SSNs, payment card and bank account information, as well as medical information.

The county officials also said they had put in place strict security measures, but delayed notification of potentially affected people in order to protect the confidentiality of the investigation. The latter could take time, because the hacker’s digital footprint must be tracked, while intermediaries like ISPs may hold important data that must be obtained via search warrants, which is a time-consuming process. In the meanwhile, the affected people are offered free identity monitoring, including credit monitoring, identity consultation and identity restoration.

Posted by:  SaM