Phishing Email Leads to Data Breach at the California State Controller’s Office

The California State Controller’s Office (SCO) Unclaimed Property Division recently experienced a data breach after an employee clicked on a phishing email. According to the Notice of Data Breach posted on the SCO’s webpage, an unauthorized user had access to the employee’s email account from March 18, 2021 at 1:42pm to March 19, 2021 at 3:19pm.

The SCO believes that the compromised account had personal identifying information of individuals contained in Unclaimed Property Holder Reports and potentially includes the property owner’s first and last name, address at the time the property was deemed lost, social security number, birth date, and the value of the property.

The SCO indicated that access to the compromised account was promptly removed and all emails were reviewed for any personal identifying information that may have been accessed. Per an article on The Sacramento Bee’s website dated March 23, 2021, a spokeswoman with the SCO stated that the SCO was notifying 9,192 people with unclaimed property whose information may have been accessed as well as another 9,000 people in the in the employee’s contact list.   As a consequence of the breach, the SCO recommends that individuals or companies who have been contacted by the SCO place a fraud alert on their credit and alert the credit bureaus to report the potential identity theft.

Holders should always use caution when transferring sensitive data to the states. We recommend encrypting data and utilizing state websites or secure file transfer sites, if available, when uploading holder reports to ensure the safe transfer of data. Finally, we recommend that your company have strict policies and procedures in place for the protection of data. With data breaches and fraudulent activities on the rise, companies may also have obligations under new state laws to safeguard personal identifying information.

Keep informed of new or changing unclaimed property compliance information by signing up to receive Keep UP! blog articles conveniently delivered to your email in-box.

*Content contained in this article is considered accurate as of the publish date.

Letter Q&A
Have questions about a notice you received?

If you received a letter or an email, please check out our FAQ section to learn more about next steps.

Say Hello
Contact us today to learn how we can help

We offer a customized approach to fit your specific needs.