A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, are among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.
The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.
The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.
After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”
The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”
“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.
Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”
Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.
“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”
The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.
The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”
“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”
Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.
According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.
The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.
A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”
At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.
Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.
The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.
The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.
In all, according to posts about the data breach, 7.7 terabytes of information was available for download.
The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.
The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.
In a statement to The Times, the account’s anonymous operator applauded the hack.
“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.
According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.
The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.
The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”
The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.
The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.
Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.
Sensitive LAPD records leaked in hack of L.A. city attorney’s office
A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, are among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.
The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.
The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.
After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”
The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”
“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.
Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”
Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.
“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”
The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.
The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”
“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”
Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.
According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.
The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.
A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”
At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.
Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.
The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.
The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.
In all, according to posts about the data breach, 7.7 terabytes of information was available for download.
The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.
The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.
In a statement to The Times, the account’s anonymous operator applauded the hack.
“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.
According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.
The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.
The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”
The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.
The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.
Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.
Source link
Eight state attorneys general file suit to block TV station group merger
A group of attorneys general are taking legal action to block Nexstar Media Group’s proposed $6.2-billion acquisition of Tegna’s TV stations, calling the deal bad for consumer cable bills and local journalism.
A lawsuit filed Wednesday in U.S. District Court in Sacramento says the proposed deal by eight state law enforcers, including California Atty. Gen. Rob Bonta, claims the proposed deal will give Nexstar too much control of local TV stations, ultimately hurting consumers by diminishing the diversity of news sources in their markets.
Bonta said in a statement that the deal will cause “irreparable harm to local news and consumers who rely on their reporting as a critical source of information.” The plaintiffs also include state attorneys general in Colorado, Connecticut, Illinois, New York, North Carolina, Oregon and Virginia.
The Irving, Texas-based Nexstar is currently the largest station owner in the U.S., with 164 outlets including KTLA in Los Angeles. If the merger with Tegna succeeds, Nexstar would have 265 TV stations reaching 80% of the U.S. and multiple outlets in a number of markets.
The suit also claims that the merger would give Nexstar too much leverage in negotiating fees from pay-TV providers that carry their stations. Higher fees paid to Nexstar would be passed along to consumers in their cable and satellite bills, the lawsuit asserts.
Most of Nexstar’s stations are affiliates of ABC, CBS, NBC and Fox, all of which carry NFL football, the highest-rated programming on TV by a wide margin. Disputes over carriage fees between station owners and pay-TV providers often result in blackouts and service interruptions to consumers.
DirecTV, which serves around 11 million pay-TV subscribers in the U.S., filed a similar lawsuit in the same court on Thursday, claiming the Nexstar deal will “irreparably drive up consumer costs, reduce local competition, shutter local newsrooms, and increase both the frequency and duration of blackouts of key local teams and network programming.”
A Nexstar representative did not respond to a request to comment.
President Trump has said he favors Nexstar’s proposed deal. But every major TV station owner believes consolidation in the TV station business is necessary to thrive going forward as they battle to compete with streaming video platforms that have eaten away at their audience share.
The companies say they are at a disadvantage in competing with tech companies by being limited to owning stations in 39% of the U.S., a cap that was set in 2003.
Nexstar recently cut veteran anchors and on-air reporters from its stations in Los Angeles, Chicago and New York. Further reductions in local TV newsrooms would occur if Nexstar succeeds in acquiring Tegna, which would likely mean consolidation of local newsrooms in which it owns more than one station.
Source link
California trial attorneys push bills to rein in ‘bad actors’
A group of California trial lawyers is backing a package of bills aimed at policing their industry by ramping up the penalties for attorneys who recruit clients illegally or prioritize the desires of hedge fund investors.
The Consumer Attorneys of California, a prominent trade group, said it is supporting two bills this session meant to crack down on the “small number of bad actors engaged in illegal conduct that threatens to undermine public trust” in the state’s legal bar.
The group said the bills, introduced Monday by Assemblymembers Ash Kalra (D-San José) and Rick Chavez Zbur (D-Los Angeles), were a response to recent Times investigations involving California lawyers. The Times found nine clients within L.A. County’s $4-billion sex-abuse settlement who said they were paid to sue and, in some cases, fabricate claims that became part of the historic payout. Another story examined opaque investor financing arrangements used by some firms.
“We’re not trying to insulate ourselves from accountability,” said Douglas Saeltzer, president of the attorney group, in an interview. “There needs to be consequences.”
The bill introduced by Zbur would disbar any attorney who is convicted of illegally soliciting clients. Kalra’s bill would ban private equity firms and hedge funds from dictating case strategy after giving money to a law firm.
Plaintiff’s attorneys say the legislative push is an attempt to clean up their profession’s image. It comes amid efforts by companies and governments frequently targeted by lawsuits to rein in a barrage of litigation.
Uber is pushing a measure for the November ballot that would limit how much lawyers can collect in fees for car crash cases, encouraging Californians to “stop the billboard lawyer scam.” A coalition of California counties has simultaneously begun circulating language to lawmakers that would limit attorneys’ ability to sue over older sex-abuse cases, pointing to recent allegations of fraud.
Zbur’s legislation, Assembly Bill 2039, would require the State Bar strip the license of any attorney with a felony conviction for a practice known as capping, in which law firms directly solicit or procure clients to sign up for lawsuits. Currently, attorneys convicted of capping can face suspension or probation, but are eligible to keep their license.
Under the bill, the attorney also would be disbarred for a misdemeanor capping conviction if the lawyer “acted knowingly and for financial gain.”
“It really is making very clear that if you’re engaging in this kind of capping, then there’s going to be a consequence,” Zbur said.
All clients who said they were paid to sue L.A. County over sex abuse were represented by Downtown LA Law Group, one of Southern California’s largest personal injury firms. The firm, also known as DTLA, is under investigation by the district attorney, the State Bar and L.A. County.
DTLA has denied any wrongdoing and said its lawyers “operate with unwavering integrity, prioritizing client welfare.”
Zbur’s bill also would provide whistleblower protections to people who report on attorney misconduct and tighten the rules around client loans. California is one of the few states where lawyers can lend money directly to clients.
Other states have barred the practice, concerned that direct loans give an attorney too much leverage over their clients.
The second bill introduced Monday, AB 2305, is aimed at the rising trend of private equity firms and hedge funds lending money to law firms and profiting from the payouts. The Times reported in December that investors were financing some of the flood of sex-abuse litigation against L.A. County.
Supporters of litigation finance say it gives attorneys the funding they need to take on deep-pocketed corporations and represent victims who can’t afford to sue on their own. Critics say investors can secretly sway case strategy, putting their profit before the best interests of a client.
“These Wall Street investors are salivating,” Kalra said. “This is just gonna clearly say, ‘No, no more. We’re not gonna allow these types of investments to influence the practice of law.’”
Kalra’s bill would bar investors from weighing in on litigation, such as who the firm should take on as a client and when they should settle a case. Any contracts that allow investor influence would be void under the law.
It’s unclear how the restrictions would be enforced. It’s often difficult to tell when an investor is financing a firm’s caseload, much less whether they’re exerting influence on a case.
Lawyers already are barred under the State Bar’s rules from allowing a third party to dictate case strategy and are barred in many cases from sharing legal fees with a nonlawyer.
“We’re finding that’s not enough,” Kalra said. “We actually need clear statutory safeguards.”
Source link
Attorneys for LA superintendent deny wrongdoing after FBI raid
Los Angeles Unified School District Superintendent Alberto Carvalho interacts with students in a classroom at Marlton School, a public special school for the deaf and hard of hearing students in Los Angeles. File Photo by Etienne Laurent/EPA-EFE
March 11 (UPI) — A superintendent in Los Angeles whose home and office was raided by the FBI last month released a statement Wednesday denying any wrongdoing.
Attorneys for Alberto Carvalho, the superintendent who is on administrative leave following the raid, said in the statement that they hope he is reinstated promptly. Carvalho is the superintendent of the Los Angeles Unified School District
“Mr. Carvalho remains confident that the evidence will ultimately demonstrate that he acted appropriately and in the best interests of students,” the law firm Holland & Knight said in a statement. “Mr. Carvalho respects the rule of law and the investigative process and has always acted in the best interest of students and within the bounds of the law.”
The attorneys and FBI have not clarified why Carvalho’s home and office were raided or what sparked the investigation into the superintendent.
“While the government’s investigation remains ongoing, no evidence has been presented by prosecutors supporting any allegation that Mr. Carvalho violated federal law,” the statement said.
The Los Angeles Unified School District is scheduled to hold its first regular school board meeting since the raid on Tuesday. It will be a closed session meeting. The agenda for Tuesday’s meeting includes a discussion about labor agreements.
Former teacher, principal and superintendent Andres E. Chait is serving as acting superintendent.
Source link