The California State Controller’s Office (SCO) was recently a victim of phishing. According to its website, an employee of the SCO’s Unclaimed Property Division clicked on a link in an email, entered their user ID and password, and unknowingly provided a hacker with access to the email account. According to the website, “SCO has reason to believe the compromised email account had personally identifying information contained in Unclaimed Property Holder Reports. The unauthorized user also sent potentially malicious emails to some of the SCO employee’s contacts.”

The SCO was in the process of notifying individuals who either received one of the malicious emails or may have had their information potentially exposed. SCO recommended these individuals place a fraud alert on their accounts with the three major credit bureaus. We have said many times that organizations must be vigilant in training employees not to click on links in emails, particularly when being asked to input user credentials and log in information. Given the fact that the SCO in California oversees disbursements for what California State Controller Betty T. Yee has called the fifth largest economy in the world, this attack could have been much worse.