Posted On February 18, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Sacramento County, California

February 18, 2022 – Sacramento County, CA, recently announced it was the victim of a “malicious phishing campaign” involving an unauthorized party using emails designed to trick county employees into revealing sensitive login credentials. As a result of the cyberattack, the personal and protected health information (“PHI”) information of certain individuals was compromised. Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating this security breach. As a part of the investigative process, our attorneys will be interviewing any victims of the breach to determine what harm was caused and whether they are eligible to bring a data breach class action lawsuit against Sacramento County.

Cyberattacks such as this one are increasingly common in today’s society. In fact, the Identity Theft Resource Center reports that the number of reported data breaches between 2020 and 2021 climbed from 1,108 to 1,862; an increase of 68%. Approximately 80% of these breaches involved sensitive consumer information.

When a hacker breaches a computer system, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after an organization experiences a data breach, they will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against Sacramento County?

When you allowed Sacramento County access to your personal data, you trusted the government to keep your sensitive information safe. However, news of the Sacramento County data breach raises some very serious questions about the government’s data security measures and whether more could have been done to prevent this type of cyber-attack.

Local government entities have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against an organization that failed to adequately protect their information. However, the investigation into the Sacramento County breach is only in its beginning phases. For that reason, it is too early to tell if the local government was legally responsible for the breach. However, our data breach attorneys are investigating the Sacramento County security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against Sacramento County, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from Sac County

If you receive a data breach notification from Sacramento County in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent to you, keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

The Details of the Sac County Data Breach

According to a statement from a Sacramento County representative, on June 22, 2021, several employees were the target of a “malicious phishing campaign” conducted by an unauthorized party. The cyberattack was designed to get the employees to provide their credentials to the unauthorized party. Five employees provided their login credentials.

Sacramento County conducted a follow-up investigation to determine the extent of the compromise information. And on, November 17, 2021, the county government confirmed that the breach resulted in “the exposure of 2,096 protected health information and 816 Personal Identifiable Information records.”

In response, Sacramento County began sending out data breach notifications on January 21, 2022.

If You Have Questions About Your Rights Following the Sacramento County Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Sac County, CA data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.