CDFA hack exposes usernames and passwords

A security incident at the California Department of Food and Agriculture (CDFA) has exposed sensitive and personal details to “external users,” the state government body said.

California’s food safety and agriculture watchdog recently started contacting individuals who may have been impacted by the security incident.

According to a data breach notice, the CDFA detected a security incident on March 4th that affected an external site – Plant Health and Pest Prevention Services.

“There was a breach of the site that exposed information to external users of the site,” reads the CDFA’s letter.

The breach exposed personally identifiable information (PII) such as names and last names, addresses, phone numbers, and email addresses, as well as the site’s users’ usernames and passwords.

“Since your username and password were involved, we recommend changing your password(s) to prevent unauthorized access,” the CDFA said.

Another California-based organization, the Los Angeles Department of Mental Health (DMH), was breached earlier this week, with attackers employing a push notification spam attack.

Attackers first breached the City of Gardena Police Department (GPD) and used email exchanges between GPD and DMH to contact an employee of the latter and access their email account.