Tag Archive for: california

California man says fraudulent accounts opened, home purchased in his name since city of Oakland ransomware attack


OAKLAND, Calif. — It’s been ten months since the city of Oakland, California’s network was hacked and the personal information of tens of thousands of people was leaked onto the dark web. Now, one victim says multiple accounts have been opened in his name, making fraudulent purchases, including a house.

Our sister station KGO was the first to report the city’s oversight — exposing dozens of victims who were never notified that their sensitive financial information was leaked.

“It’s a living nightmare,” said Oakland native Dedrick Warmack, as he anxiously checked his mailbox. “On the credit report, there’s credit cards that should’ve been closed, they’re now open with balances of $17,000 and $30,000.”

VIDEO: Dozens of Oakland ransomware victims never notified SSN were leaked on dark web

Dozens of victims of Oakland ransomware hack were never notified their social security numbers were leaked on the dark web, the I-Team found.

Warmack says his identity was stolen months after the city’s network was hacked.

“I have no idea how many accounts have been opened in my name,” he said.

Warmack says his credit score dropped more than 200 points, but he didn’t know at the time that was just the beginning.

At first, he says he started receiving strange phone calls and emails about refinancing a home. That was followed by letters he says he got from several banks notifying him of new accounts in his name.

“I knew something was going on,” he said.

Warmack is one of dozens of victims who previously filed a claim with the city alleging injury, but instead, ended up with their personal and financial information leaked.

Now, he says fraudulent checks are being made in his name.

RELATED: Oakland ransomware attack: Leaked data has more than 3.1K views on dark web

“Like this water and sewage bill for $2,000,” Warmack showed as he scrolled through his accounts. “This is not East Bay Mud…”

Warmack says some of the bills appear to be from New England.

“It says it’s an open balance, how can I have an open balance?”

From there — he says it only got worse.

“I’m getting notices about refinancing a home… and I’m like, I pay rent,” said Warmack. “Somebody has something in my name somewhere since October, I’ve been…

Source…

Eastern District of California | Carmichael Man Indicted for Sexual Exploitation of a Minor and Child Pornography Offenses


SACRAMENTO, Calif. — A federal grand jury returned a three-count indictment today against Sam Moss Kerfoot, 27, of Carmichael, charging him with sexual exploitation of a minor, distribution of child pornography, and possession of child pornography, U.S. Attorney Phillip A. Talbert announced.

According to court documents, in April and May 2022, Kerfoot sexually abused a minor and produced visual depictions of the minor engaged in sexually explicit conduct. In addition, Kerfoot is alleged to have distributed child pornography in April 2022 and possessed child pornography in June 2023.

This case is the product of an investigation by the Sacramento Valley Hi-Tech Crimes Task Force Internet Crimes Against Children unit including the Sacramento County Sheriff’s Office, with assistance from the Federal Bureau of Investigation and Homeland Security Investigations. Assistant U.S. Attorneys Emily Sauvageau and Alstyn Bennett are prosecuting the case.

If convicted of the charges as alleged, Kerfoot faces a minimum statutory penalty of 25 years in prison, a maximum of 50 years in prison, and a $250,000 fine for sexual exploitation of a minor; a minimum statutory penalty of 15 years in prison, a maximum of 40 years in prison, and a $250,000 fine for distribution of child pornography; and a minimum of 10 years in prison, a maximum of 20 years in prison, and a $250,000 fine for possession of child pornography. Any sentence, however, would be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables. The charges are only allegations; the defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute those who sexually…

Source…

Former Contractor Employee Charged for Hacking California Water Treatment Facility


A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.

The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. 

Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents. 

He worked at the company between 2016 and the end of 2020, and during this time he allegedly installed software that allowed him to access the facility’s systems from his personal computer. 

After he resigned in January 2021, he used that remote access software to enter the water facility’s systems and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels,” according to a press release from authorities in the Northern District of California. 

Gallo faces up to 10 years in prison and a $250,000 fine. 

It’s not uncommon for water facilities to be targeted, including by former employees. One of the most well-known incidents involves the water plant in Oldsmar, Florida. While initially it was believed that malicious hackers had tried to poison the water supply, recent reports said the incident did not involve any hacking and it may have actually been the result of human error. 

Advertisement. Scroll to continue reading.

Related: US Says National Water Supply ‘Absolutely’ Vulnerable to Hackers

Related: Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

Related: Former Cisco Employee Sentenced to Prison for Webex Hack

Related: Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

Source…

More than 42,000 affected by ransomware attack on pro bono California law firm


More than 42,000 people had their information exposed during a ransomware attack on a California law firm that provides free services to those in need.

The Law Foundation of Silicon Valley notified regulators in California and Maine this week that the February ransomware attack on their offices resulted in the leak of Social Security numbers and other personal information.

The breach affected both clients and staff members. The law firm said it has about 90 attorneys, social workers, staff, and volunteers while helping about 10,000 people each year.

The firm, which has existed for nearly 50 years, posted a message on its website last week about the incident, confirming that they were the “victim of a sophisticated ransomware attack.”

“While operations were back up and running when offices reopened from the [Presidents Day] holiday weekend, data on one server was later discovered to have been compromised. The Law Foundation immediately engaged cybersecurity specialists who conducted an extensive forensic investigation,” they said.

“The investigation revealed that certain information within the Law Foundation’s system was unlawfully accessed and that the breach compromised the personal information of more than 40,000 clients, staff, and others.”

Information accessed includes: Social Security numbers, medical records, immigration numbers, financial data, driver’s license numbers, financial account/payment card information, passport/government identification, taxpayer-identification numbers, dates of birth and digital signatures.

The investigation into the incident ended on June 1 and the law firm spent another 30 days looking for addresses and contact information for victims, who are now being offered 12 months of identity protection services and identity theft insurance.

The victims involved included both adults and minors.

“We are in the business of helping people with important and sensitive life issues. The breach impacts the core of our nonprofit mission to help low-income individuals and families with serious issues to improve their lives. We have partnered with experienced vendors to notify and assist those who are impacted,” said Alison Brunner, CEO of…

Source…