A Data Breach at City Hall

Robert LilesUncategorized

Just south of Downtown Los Angeles in Southern California’s Gateway Cities Region, the City of Huntington Park became another victim of a data breach. It is striking that this incident was an inside job. With a proper security solution in place, this was a preventable attack that could have been avoided.

Teresa Garcia, a budget analyst with the city’s Finance Department, was arrested in connection with the attack. The allegations against her include unauthorized access on city computers and identity theft. Following Garcia’s arrest, five more employees were removed from City Hall and immediately placed on administrative leave, which effectively shut down the Finance Department.

Contact Us Now

Huntington Park’s IT Department noticed the breach and reported it. After being notified, city police began an investigation. This further led to involving the Cyber Crimes Bureau of the Los Angeles County Sheriff’s Department to assist with the matter, eventually turning the case over to the county as the lead investigator.

Makings of a Data Breach

The Finance Department handles much of Huntington Park’s affairs dealing with money, including payroll, transactions, business licenses, and budgets. As such, employees of the department also have access to sensitive bank account and employee information. This prompted Huntington Park to advise that city employees be vigilant, as social security numbers and financial account information could have been compromised, though they did not believe that had happened.

Regardless, City Hall acknowledged that a “large-scale security breach of electronic financial records” occurred and that it was commencing an investigation to evaluate the scope and breadth of it. According to a claim she filed, the police seized some of Garcia’s belongings, including her phone, hard drive, and smartwatch. In the claim, Garcia further asserted that beginning in 2019 she made it a practice to download her work and accounting materials to a hard drive.

Garcia alleged that the city was mishandling public funds and violating its own procedure in that it was offering contracts to companies based on political ties. Garcia claimed that she was protecting herself, fearing that the FBI could implicate her in corruption charges tied to the city government in a case she believes is underway.

Whatever the case may be, Garcia had for some time habitually saved sensitive information to a hard drive. In many case, it takes only one instance to gather data this valuable.

Prevention and Response

Garcia used an external drive to save  this information; one that the city would (and should) consider unauthorized. Huntington Park would have benefited from software that restricts access, such as SecureGuard. This program limits access to a computer when an unauthorized device is inserted, which not only prevents an insider from saving files, but also protects against potential virus or malware uploads via an infected device.

SecureGuard gives administrators more control over company computers, namely through blacklisting and whitelisting USB devices to restrict access only to approved devices. The program locks the computer completely until the device is removed. It also provides administrators a detailed access log to show which devices were used on a computer, when they were used, and if the attempt was successful or not.

However, in Huntington Park’s case it will require detailed and thorough digital forensics work to fully understand how deep and extensive Garcia’s reach was. Not every entity can use the Los Angeles County Sheriff Department to investigate though, and need to reach out to a digital forensics provider.

If you are interested in protecting your data with SecureGuard, contact a SecureDrive expert at 1-800-875-3230 or visit www.securedrive.com for more information.

If you have been the victim of an internal breach and need a forensics technician to gather details for evidence, contact a SecureForensics representative at 1-800-288-1407 and get your case started today.