https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/
Exploit: Phishing
California State Controller: State Government Agency
Risk to Small Business: 2.412 = Severe A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO). The agency announced that attackers had access to the email records of an employee in its Unclaimed Property Division after the employee clicked a phishing link and then entered their email ID and password.
Individual Risk: 2.309 = Severe The saff data featured lists of individuals and their Social Security numbers, retirement documentation, and 2019/2020 benefit enrollment and adjustment requests. In the student data batch, the gang scored photos, dates of birth, home addresses, passport numbers, immigration status, names of individuals and Social Security numbers.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Something as simple as one mishandled email can wreak havoc on your business. No matter how busy you are, training has to be a priority to avoid this consequence.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
