Cyber Attacks in California in 2024

California, the world’s tech capital, has become the target of choice for cyber attacks in 2024, with attacks growing in size and complexity across all industries. From ransomware taking down operations to phishing and malware stealing sensitive data, these attacks are more frequent and sophisticated, causing financial and reputational damage.

With increasing reliance on digital infrastructure, vulnerabilities in healthcare, construction, and manufacturing are more exposed, making the role of cybersecurity more critical than ever.

According to the Verizon 2024 data breach report, 68% of breaches involved victims falling to a social engineering attack, and 14% of breaches involved the exploitation of vulnerabilities, which is triple the number in 2023. Meanwhile, 62% of the total breaches involved ransomware attacks, and California is on attackers’ top hit list.

This blog discusses California’s evolving cyber threat landscape, key incidents, common causes of breaches, and the preventive measures to mitigate the associated risks. It also provides actionable tips and highlights the importance of working with a professional Managed Services Provider to give your business the tools and strategies to stay ahead of the threats.

Cybersecurity Landscape in California

With countless innovations and technologies emerging from Silicon Valley and other regions of California, the Golden State has become a major target of cybercriminals. The state faces growing cybersecurity threats, including attacks on its massive tech infrastructure. To combat these threats, the state has laws like the California Consumer Privacy Act (CCPA), which requires transparency in data practices and gives consumers control over their information. Noncompliance carries fines of up to $7,988.

The California IoT Security Law requires connected devices to have reasonable security measures to prevent unauthorized access.

The California Data Breach Notification Law requires organizations to disclose breaches. This law mandates that whenever any organization faces any attacks, it must notify the victims and deploy countermeasures to prevent such threats.

In 2024, managed IT service providers have expanded their offerings for businesses, including cyber defense protocols for healthcare, finance, and other sectors through real-time monitoring, threat mitigation, firewall configurations, vulnerability assessments, cloud-based backup systems, and AI-driven threat detection tools. By working closely with cybersecurity service providers and experts, California is dedicated to protecting its systems and staying ahead of threats.

Types of Cyberattacks On the Rise in California in 2024

Image: Common Cyber Attacks on the Rise in 2024

Malware, ransomware, and phishing and social engineering are the three most prominent cyberattacks in 2024. These digital threats leverage system vulnerabilities and exploit human behavior, ultimately leading to massive operational disruption, data loss, and financial loss. Understanding these threats allows organizations to implement effective defensive strategies to protect their systems.

Malware

Malware is malicious software that infects and damages systems. It infiltrates your system through an email attachment, suspicious downloads, and malicious ads. Some malware types, like spyware, silently collect confidential information, while trojans open backdoors for unauthorized access and exploitation.

Other forms of malware include adware, worms, keyloggers, RAT attacks, bots, fileless malware, and mobile malware. All of these disrupt operations and steal valuable data, which is costly to recover.

In 2024, AV-TEST Institute found over 103 million new strains of malware and potentially unwanted programs (PUPs). It is also reported that an organization spends over $2.5 million to resolve a malware attack. So, companies must have effective countermeasures to restrict malware attacks and massive financial loss to ensure business continuity.

Ransomware

Ransomware is a type of malware that encrypts files and folders, making them inaccessible without the decryption key. Cybercriminals use it to extort payment for the release, and they demand digital currency like Bitcoin or other cryptocurrencies that are difficult to trace. Such malware infects your system via phishing emails and malicious websites. Weak login credentials can also be a cause of its spread.

According to Verizon’s report, ransomware has accounted for 59% to 66% of the financially motivated threats in the past three years. This caused a median loss of $46,000, with losses ranging between $3 and $1,141,467 for 95% of reported cases. Such ransomware attacks lead to operational delays, reputational damage, and exposure of critical data, highlighting the necessity of backup protocols and vulnerability management.

Phishing and Social Engineering

Phishing is a form of fraud that tricks people into giving out information like credentials or payment information through fake emails or websites. Social engineering involves attackers using psychological tactics, such as impersonating executives or trusted entities, to bypass security controls based on urgency or trust.

These are particularly devastating for corporate environments, where the credentials used to access the network may lead to further breaches. According to an Ohio University report, 98% of cyberattacks are related to social engineering, initiating over 70% of data breaches. Successful attacks generally result in stolen funds, unauthorized system access, and intellectual property theft. Organizations deploy security measures like multi-factor authentication and employee awareness training to be safe from these attacks.

Cyber Attacks in Healthcare Sector in California in 2024

The California healthcare sector was one of the main targets of cyberattacks in 2024. Healthcare organizations were victims of data breaches, phishing attacks, malware infections, and ransomware attacks that exposed sensitive patient and employee information. These attacks compromise daily operations and damage the brand image of the healthcare facility. Some notable cases of these attacks are as follows:

Amergis Healthcare Staffing, Inc.

On February 6, 2024, Amergis Healthcare Staffing, Inc. experienced a significant data breach due to unauthorized third-party access. The breach compromised the Amergis email account, exposing the names, contact information, Social Security numbers, and personal data of 11,329 clients and employees. This incident led Amergis to implement enhanced data security through consultation with third-party experts. They also focused on awareness training and regular data security assessment and offered complimentary credit monitoring services to affected individuals.

Here is the official press release from the company: Notice of Data Incident

Calibrated Healthcare, LLC

Calibrated Healthcare fell victim to a data breach in February 2024. They identified suspicious activity on their computer network on February 25 and 26. As soon as they noticed this activity, they took the system offline. The attackers copied some files without authorization. As a result, the healthcare facility conducted a detailed investigation and solidified its network security. They notified the potentially impacted individuals and offered credit monitoring services and identity protection services as compensation.

Here is the official press release from the company: Notice of data breach

Tri-City Healthcare District

Tri-City Medical Center, a California-based public hospital, faced a ransomware attack on November 9, 2023. The breach impacted the private and personal information, including names, dates of birth, Social Security numbers, financial information, medical information, and health insurance information, of 108,149 patients. The Inc Ransom ransomware group claimed responsibility for the attack in December 2023. Following the incident, Tri-City sought professional cybersecurity experts to secure its digital environment. They also provided complimentary credit monitoring and identity theft protection services through IDX.

The official notice letter: Official press release

Omni Family Health

A ransomware attack on August 7, 2024, caused Omni Family Health to lose critical patient and employee data. The Hunters International ransomware group was behind the attack. They stole 27 terabytes of data and leaked the information on the dark web. The stolen data included names, addresses, Social Security numbers, dates of birth, health insurance plan information, and medical information. Omni contacted cybersecurity specialists and strengthened their digital security. They notified the victims and offered them 12 months of complimentary credit monitoring and identity protection services through Experian. They released the official notice immediately after they were informed of the incident.

Cyber Attacks in Construction Firms in California in 2024

Construction companies in California are targets for cyberattacks, and 2024 has seen incidents that have exposed corporate data, disrupted business, and caused financial and reputational damage. With construction companies increasingly relying on digital tools for project management and communication, their risk of data breaches, ransomware, and malware increases. Below are the key cases from 2024 that show the impact on construction companies and actions taken to mitigate future risks.

Dome Construction Corporation

In October 2024, Dome Construction Company’s data breach exposed project data and employee records. The breach was caused by unauthorized access through compromised credentials, which the attackers used to enter the internal systems. The attack delayed project timelines and threatened client confidentiality. Dome responded by revoking compromised credentials, improving authentication, and deploying endpoint protection to secure the data. They also provided 24 months of credit and identity monitoring services. The notice of data breach was published on November 22, 2024; the breach itself occurred on Saturday, October 19, 2024.

Kulicke and Soffa Industries

Certain files belonging to Kulicke and Soffa Industries were encrypted on May 12, 2024. The ransomware group behind the attack is called “LockBit Black.” The attackers exploited a K&S network vulnerability to steal personal data such as full name, Social Security number, address, financial information, medical information, and other sensitive information. This information was posted on the dark web by the attackers. After learning about the data breach for the first time on May 12, 2024, K&S reset all login credentials for all employee accounts, suspended mobile email access, and removed malicious files while enhancing its monitoring, logging, and detection capabilities.

Martin Sprocket & Gear, Inc.

In July 2024, Martin Sprocket & Gear, Inc. was accessed by an unauthorized user. The cybercriminals exploited a server vulnerability and accessed employee data. The data included first and last name, date of birth, health information associated with insurance plan coverage, driver’s license, financial account and payment card information, and/or Social Security number. The construction firm contacted a third-party forensics provider and implemented security controls to avoid such attacks in the future.

WICR Waterproofing and Construction Inc.

In January 2024, WICR Waterproofing and Construction Inc.’s accounting system was hacked. The attackers used fake emails to access internal systems and contacted customers, informing them about the change in company information, email, other fundamental information, and payment methods. This phishing attack impacted many people, but the number was not disclosed. To address the issue, WICR upgraded its email security, enabled multi-factor authentication, and trained its employees in cybersecurity.

M Bar C Construction

M Bar C Construction experienced a significant data breach between July 9, 2020, and October 2, 2020. The breach compromised customer personal information, such as social security numbers, driver’s license numbers, and/or bank account information. The construction company contacted leading cybersecurity experts to launch an internal investigation and conducted a detailed security and network assessment. They also acquired Kroll’s services for proactive monitoring. M Bar modified and adjusted its network practices and internal controls to strengthen its security system.

Cyber Attacks in Manufacturing Firms in California in 2024

California manufacturing has seen a surge in cyber attacks in 2024, exposing operational data and supply chains. With more automation and digitization, manufacturers are susceptible to ransomware, malware, and data breaches that can stop production, erode customer trust, and cause financial loss. Here are some examples of cyber attacks that hit significant California manufacturers and what they did to mitigate future risks.

Utility Trailer Manufacturing Company

Utility Trailer Manufacturing Company was hit by a data breach between April 5 and 25, 2021, which exposed employee records and operational data. Attackers exploited the employee access management system and got unauthorized access to the full name and social security number of 28,703 individuals. Internal workflows were disrupted, and intellectual property theft was a concern. The company updated its access policies, implemented multi-factor authentication, and deployed threat detection tools to catch breaches early.

Cambro Manufacturing

On August 13, 2021, Cambro Manufacturing was hit with a malware attack on its computer systems, which caused operational delays. The malware spread through unauthorized access to the internal computer systems and exploited weak endpoint protections. Cambro immediately shut down the impacted system to secure the network and started a thorough investigation with the help of third-party computer forensics. To prevent future attacks, Cambro invested in advanced endpoint security and employee cybersecurity training to address the breach and updated its incident response protocols to minimize future risks.

Taylor-Dunn Manufacturing

Taylor-Dunn Manufacturing was attacked by crypto mining malware on the online customer care and dealer centers server on January 24, 2018. The unauthorized access compromised the customer’s name, address, phone number, email address, and customer care or dealer center username and password. To mitigate the threat, the manufacturing company immediately terminated the impacted server and contracted a cybersecurity firm. After that, they solidified their online customer care and dealer center portals’ security system.

Other Affected Sectors

Cyberattacks in 2024 have extended beyond healthcare and manufacturing and hit diverse sectors in California. These attacks show the widespread data security weaknesses across different organizations. Below are examples from sectors with data breaches, ransomware attacks, and malware incidents, as well as their varied impact and response to tackle the threats. You can visit the California Data Breach Registry for a complete list.

Young Life

Young Life experienced unauthorized access to its computer system between June 13 and 14, 2024. Here is a complete breakdown of the attack:

  • Type of Attack: Malware attack
  • Cause of the Attack: Network vulnerability
  • Impact: Data breach impacting names, Social Security numbers, financial account information, and payment card information of 51,226 individuals
  • How the Organization Responded: Young Life reviewed the infiltrated files and sent out letters to affected users
  • Lessons Learned: Provided 12 months of complimentary credit monitoring services to affected individuals

Byte Federal Inc.

Byte Federal Inc. experienced a data breach on September 30, 2024, that impacted around 58,000 customers. The cryptocurrency company halted its operation and locked down its database. Further information on the incident is highlighted below:

  • Type of Attack: Phishing attack
  • Cause of the Attack: Vulnerability in GitLab, misconfiguration in web server
  • Impact: The GitLab code repository was compromised, and hardcoded data containing personal information, social security numbers, Government-issued ID numbers, user photos, and cryptocurrency transaction histories were accessed by the attackers
  • How the Organization Responded: Byte immediately blacklisted the attacker’s public address, performed a hard reset on all customer accounts, updated all internal passwords and account management systems, and revoked tokens and keys used for internal network access
  • Lessons Learned: Implementation of global security token rotation, IP restrictions, enhanced firewall rules, internal security monitoring tool, and reset all customer accounts and internal passwords

Los Angeles County Superior Court

On July 19, 2024, the Los Angeles County Superior Court was hit by ransomware that encrypted case management data. When the court discovered the cybersecurity attack, operations were halted, and the court vigorously worked to restore the system.

  • Type of Attack: Ransomware attack
  • Cause of the Attack: System vulnerabilities
  • Impact: All court operations were suspended, the entire network system was shut down for 5 days, and it took 11 days to get its operations back to their original state
  • How the Organization Responded: The court disabled its network systems to protect data and sought outside experts for restoration of the system
  • Lessons Learned: Earlier investments to strengthen cybersecurity included advanced backup, extended detection and response (XDR), zero-trust access controls, and/or other modern solutions that helped to detect the attack early and act robustly to limit the damage

ConnectOnCall.com

ConnectOnCall.com, a subsidiary of Phreesia, was infiltrated by an unknown third party who accessed sensitive application data between February 16 and May 12, 2024.

  • Type of Attack: Hacking/IT incident
  • Cause of the Attack: Network server breach
  • Impact: The data breach impacted the data of 914,138 individuals shared in communications between patients and healthcare providers, including personal information, Social Security numbers, and information related to health conditions, treatments, or prescriptions
  • How the Organization Responded: ConnectOnCall.com took the affected platform offline and worked continuously for a phased restoration of the product
  • Lessons Learned: Partnered with a cybersecurity specialist to conduct a full security review and provided identity and credit monitoring services via Kroll for victims whose social security numbers were compromised

Common Causes of Cyber Attacks in California

Cyber attacks in California come from system vulnerabilities and human factors that attackers exploit. Here are the most common causes of these attacks and how they work.

  • Phishing and Social Engineering: These tactics get individuals to reveal sensitive information or grant access. Attackers use fake emails, impersonation, and urgency to exploit human error and bypass security. WICR Waterproofing and Construction Inc. fell victim to a phishing attack in which the attackers used fake emails to access internal systems and the user’s personal information.
  • Weak Password Policies: Poorly enforced password policies, such as using simple or reused passwords, make systems vulnerable to brute-force attacks. Weak passwords allow attackers to access your network and sensitive data. This was the case in the Young Life breach, where weak passwords allowed unauthorized access to donor records.
  • Unsecured Cloud Configurations: Misconfigured cloud systems expose sensitive information and create entry points for attackers. Weak access controls and poor setup lead to data leaks or breaches. Kulicke and Soffa Industries were breached because of vulnerabilities in their cloud setup that exposed sensitive corporate data.
  • Outdated Systems and No Updates: Systems that are not updated regularly are exposed to known vulnerabilities. Attackers exploit these gaps to access the network, inject malware, or deploy ransomware. This was evident with the Tri-City Healthcare District ransomware attack, where outdated systems allowed attackers to encrypt critical data and shut down operations.
  • Third-Party Vendor Risks: Vendors with poor security practices pose considerable risks to organizations. Attackers use the supply chain to indirectly compromise data or systems. Omni Family Health was hit by malware through a compromised vendor, affecting its financials and patient care.

Recommendations to Reduce Cyber Attacks

Preventing cyberattacks requires a combination of technology and awareness. Businesses should implement multi-factor authentication and strict password policies to prevent unauthorized access.

  • Conduct regular security audits to find system and network vulnerabilities and implement network segmentation to contain them.
  • Establish incident response plans and encrypt data to secure it and minimize potential risks.
  • Run employee training programs to educate staff on how to spot phishing attempts, and use data backup solutions that keep backup data in the cloud so operations can resume quickly during emergencies.
  • Partner with experts like Captain IT, a managed service provider in Riverside and Los Angeles you can trust, and get different types of IT services, advanced threat monitoring, and endpoint protection to build a strong defense against emerging cyber threats.
