A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, are among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.
The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.
The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.
After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”
The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”
“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.
Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”
Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.
“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”
The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.
The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”
“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”
Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.
According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.
The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.
A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”
At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.
Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.
The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.
The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.
In all, according to posts about the data breach, 7.7 terabytes of information was available for download.
The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.
The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.
In a statement to The Times, the account’s anonymous operator applauded the hack.
“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.
According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.
The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.
The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”
The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.
The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.
Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.