Breach

How sensitive LAPD files got leaked online — and what happens next

The disciplinary files of Los Angeles police officers are closely guarded secrets, protected by some of the nation’s strictest confidentiality laws.

But now, many of those secret files have been splashed across the internet, along with tens of thousands of other sensitive records from the L.A. city attorney’s office.

The extent of the data breach is still unclear, and city officials have said they are investigating to find out what was taken, who was responsible and how the city’s cybersecurity was compromised.

A ransomware hacking collective called WorldLeaks, which has gained a reputation for extorting private and public entities by threatening to disclose confidential files on the internet, has claimed responsibility.

The group first announced the breach on March 20. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information — or whether the city paid one. Some reports suggest that the group was behind a hack of L.A. Metro last month that forced it to shut down part of its transit network.

The Times spoke with several sources familiar with the investigation into the data breach who requested anonymity because they were not authorized to discuss the case publicly, and reviewed a partial inventory of the leaked files, including screenshots of some materials.

Here’s what we know so far.

How did hackers get the LAPD files?

The hacking group appears to have exploited vulnerabilities in a system used by the Los Angeles city attorney’s office, enabling the group to make off with nearly 340,000 files, according to the sources familiar with the case.

In the wake of the George Floyd protests, the sources said, the city was flooded with dozens of lawsuits from protesters who had been injured by LAPD officers. To handle the deluge of new cases, the city created a file-sharing system so that attorneys on both sides could access discovery materials, including some considered private under court orders.

It was akin to Dropbox or Google Drive, the sources said, and access was supposed to be restricted to just authorized users.

But the system, according to two sources familiar with the investigation, was not password-protected because city officials believed that it needed to be accessible to other parties, including outside attorneys hired to assist with civil litigation.

The sources said the system expanded far beyond its initial scope and came to include records from hundreds of lawsuits involving the LAPD.

In a statement issued to The Times on Wednesday, Ivor Pine, a spokesperson for the city attorney’s office, described the hack as “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”

How did the LAPD and city officials find out?

Few inside the LAPD knew about the extent of the leak until The Times published a story Tuesday revealing files that appeared online.

After the news broke on Tuesday, the department released a brief public statement acknowledging the disclosure of “discovery documents from previously adjudicated or settled LAPD civil litigation cases.” The department noted that the “breach does not involve any LAPD systems or networks.”

Pine said that once the city attorney’s office realized its file-sharing system was compromised, it “took immediate steps to secure the tool and investigate what information was accessed.”

“No other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems.”

What are the consequences of the massive leak?

The data breach could have political ramifications for embattled City Atty. Hydee Feldstein Soto, who is up for reelection.

Last week, she earned the endorsement of the powerful Los Angeles Police Protective League, which represents rank-and-file LAPD officers. But union officials contend that Feldstein Soto failed to mention the leaked documents to them until they learned of the hack Tuesday evening.

On Wednesday, the union issued a scathing statement.

“To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement,” the union’s statement said. “We will keep asking the tough questions and once we receive answers we will take appropriate action.”

Feldstein Soto’s challenger in the city attorney’s race, John McKinney, said the public deserves immediate answers.

“The lack of transparency isn’t just concerning, it’s unacceptable,” said McKinney, who currently leads the major crimes bureau at the L.A. County district attorney’s office. “By keeping the public in the dark, witnesses and Los Angeles Police Department families may have been put at risk.”

Lawyers for police officers reported numerous calls from clients worried their personnel and medical records were exposed, raising the prospect of more costly litigation. About 900 officers are currently suing the department over the 2023 release of mugshot-style images and other materials in response to a public records request.

How much information was snatched and what’s in it?

In all, according to posts about the data breach, 7.7 terabytes of information was available for download.

The LAPD statement described the files in the recent hack as coming from closed cases, but at least one of the files reviewed by The Times involved a lawsuit over an alleged sexual assault by a police officer that was set for trial next week.

Also disclosed were personnel files from dozens of current and former officers. Every officer’s personnel records are contained within a system called TEAMS II.

It is a detailed history that includes records on arrests they have made, training sessions they have attended, citizen complaints received against them and lawsuits they have been involved in, along with any history of traffic collisions, shootings or other uses of force, commendations, assignments, workers’ compensation claims and more.

Such records can be turned over as discovery in civil cases, but almost always under a protective order that restricts them from being shared publicly.

An untold number of internet users have downloaded the terabytes of data in the weeks since its release. What surfaces next remains to be seen.


Oil prices poised to breach $100 level as Iran cease-fire fears mount

Fuel prices at a gas station in Prague after the government of the Czech Republic responded to soaring oil prices with a cap on fuel distributors’ margins and a cut in diesel excise duty. A daily cap on maximum diesel and petrol prices which retailers must adhere to was due to follow. Photo by Martin Divisek/EPA

April 9 (UPI) — Oil prices were on the rise again on Thursday amid concerns a “fragile” cease-fire between the United States, Iran and Israel could unravel over continued fighting in Lebanon and few signs the Strait of Hormuz was about to reopen to shipping.

The Brent crude and West Texas Intermediate international benchmarks were both trading around 4% higher at $98.62 and $99.94 a barrel respectively in early afternoon trade on Thursday, after prices plunged Wednesday on the announcement of a two-week cessation of hostilities.

Share prices in Asia also fell overnight, with the Nikkei 225 in Tokyo giving up some of the gains made on Wednesday, and European stocks followed suit when exchanges opened Thursday morning.

The market reacted to warnings from both sides that they were prepared to resume military action if the other did not adhere to the truce, the terms of which the two parties do not agree on, with Tehran saying Israeli strikes on Lebanon were a “grave violation” and Washington saying Iran must comply with the “real” agreement.

There was also growing concern over the reopening of the Hormuz Strait, a key term of the agreement which must be implemented to ease the disruption to global oil supply that has sent prices soaring.

Iranian Deputy Foreign Minister Saeed Khatibzadeh told BBC Radio on Thursday that Iran would “provide security for safe passage” through the sea lane via which around a fifth of the world’s oil and gas is exported, but only “after the United States withdraws this aggression” — an apparent reference to the Israeli strikes in Lebanon.

He stressed that while the 21-mile wide strait had been “open for millennia” prior to the war, it was not international waters and that shipping only transited on the goodwill of Iran and Oman — the sovereign countries on either side of the channel.

Khatibzadeh dodged questioning over how safe vessels would be and whether they would be required to pay tolls, saying Tehran wanted a “peaceful” arrangement, but that it would not permit “misuse” of the Gulf by warships.

However, London-headquartered shipping brokerage SSY Global said the Iranian navy had issued a warning to ships in the Persian Gulf that any vessels attempting to transit the Strait of Hormuz without permission “will be targeted and destroyed.”

Announcing the cease-fire on Tuesday, U.S. President Donald Trump said the deal hinged on the “complete, immediate, and safe opening” of the strait, a point pressed home on Wednesday by U.S. Vice President JD Vance, who said that while there were signs the process was starting, Iran was required to fully open the strait.

“The president is very, very clear the deal is a cease-fire, a negotiation. That’s what we give, and what they give is that straits are going to be reopened. If we don’t see that happening, the president is not going to abide by our terms if the Iranians are not abiding by their terms.”

The White House announced Wednesday that Vance would lead the U.S. negotiating team at talks due to get underway in Islamabad, Pakistan, on Saturday.

Khatibzadeh said Mohammad Bagher Ghalibaf, speaker of the Iranian parliament, would head up the Iranian side.

The talks will try to reconcile two very different visions of the way forward — a 15-point U.S. plan and a 10-point Iranian plan — with Iran’s nuclear program, which the Americans want totally scrapped but Iran insists on retaining for civilian energy purposes, topping the agenda.

Secretary of Defense Pete Hegseth speaks during a press briefing at the Pentagon on Wednesday. Yesterday, the United States and Iran agreed to a two-week ceasefire, with the U.S. suspending bombing in Iran for two weeks if the country reopens the Strait of Hormuz. Photo by Bonnie Cash/UPI


Sensitive LAPD records leaked in hack of L.A. city attorney’s office

A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, is among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.

The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.

The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.

After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”

The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”

“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.

Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”

Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.

“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”

The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.

The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”

“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”

Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.

According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.

The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.

A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”

At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.

Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.

The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.

The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.

In all, according to posts about the data breach, 7.7 terabytes of information was available for download.

The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.

The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.

In a statement to The Times, the account’s anonymous operator applauded the hack.

“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.

According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.

The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.

The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”

The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.

The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.

Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.
