Los Angeles to extradite bloke from Nigeria after scores of city workers fall for phish scam
County claims chap tried to infiltrate medical, social services
Los Angeles wants to extradite a Nigerian man accused of swiping the passwords of more than 100 workers in 15 city and county departments via a phishing attack.
The metropolis' prosecutors have obtained arrest warrants seeking the extradition of Austin Kelvin Onaghinor from Nigeria to face charges of identity theft and unauthorized access to a computer.
The LA district attorney's office claimed on Friday that in May of this year, Onaghinor sent the emails to more than 1,000 of Los Angeles County's 120,000 employees. Of the 1,000, 108 of the messages tricked users into handing over their login credentials to city service portals.
If convicted, Onaghinor could face up to 13 years in prison.
The second-largest city in the US says that while it "thwarted" the attack, it is warning some residents that their personal information may have been exposed, and it's offering free identity protection services to the affected people.
The notice, which will be mailed out to the affected citizens, warns that the exposed data includes "first and last name, date of birth, Social Security number (SSN), driver's license or state identification number, payment card information, bank account information, home address, phone number(s), and/or medical information, such as Medi-Cal or insurance carrier identification number, diagnosis, treatment history, or medical record number."
"Due to the ongoing investigation by law enforcement, we were advised to delay notifying you of this incident until now, as public notice may have hindered their investigation," the notice reads.
Those whose personal information was exposed will receive one free year of credit and identity monitoring services.
The city says it will be improving its internal security and providing additional training to help employees spot and report phishing scams. ®
Sponsored: Becoming a Pragmatic Security Leader