Brief OCEA System Vulnerability Successfully Resolved

Dear OCEA member,

As you may have been notified by your employer, a vulnerability was recently discovered on the OCEA website. This briefly resulted in an attempt by an unauthorized person or entity to redirect users from the OCEA site to their own link in an attempt to steal Microsoft login credentials.

Please read the following Q&A to learn more about this event and the remedies OCEA has implemented to correct the vulnerability:

Q: When did OCEA learn of the issue?

A: County of Orange Information Technology (OCIT) was alerted to the vulnerability, notified OCEA, and notified employees at their work emails on Tuesday evening, July 30, 2024.

Q: What was OCEA’s response?

A: Within an hour of being contacted by the County, OCEA IT located and fixed the issue. OCEA and OCIT have both confirmed the fix, and the vulnerability is no longer exploitable.

Q: Was any information taken from OCEA?

A: There is no indication any OCEA systems were accessed, or that any OCEA data has been compromised. 

If you have further issues with OCEA emails, please contact OCEA at (714) 835-3355.

In Solidarity,

Charles Barfield
OCEA General Manager

Publication Date: July 31, 2024