Sensitive LAPD records leaked in hack of L.A. city attorney’s office
A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, are among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.
The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.
The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.
After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”
The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”
“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.
Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”
Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.
“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”
The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.
The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”
“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”
Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.
According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.
The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.
A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”
At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.
Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.
The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.
The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.
In all, according to posts about the data breach, 7.7 terabytes of information was available for download.
The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.
The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.
In a statement to The Times, the account’s anonymous operator applauded the hack.
“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.
According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.
The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.
The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”
The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.
The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.
Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.
FBI shuts down Iran-linked hacker group’s websites
March 19 (UPI) — The Federal Bureau of Investigation took down two websites that belong to an Iran-linked hacker group after it staged a global cyberattack on an American medical equipment company last week.
Two websites used by the group Handala — one that contained information about its hacks and the other used to dox people it alleges work with the Israeli military and related companies — were pulled down by the FBI on Thursday, NBC News and Techcrunch reported.
Handala was behind a “wiper attack” on the medical device maker Stryker’s computer system on March 11, which it said was in retaliation for a deadly strike on the Shajareh Tayyiba girls school in Minab, Iran.
“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” a message left on both websites by the FBI said.
Portage, Mich.-based Stryker, which employs 50,000 people worldwide and manufactures a variety of medical devices, including orthopedic implants, surgical instruments and imaging systems, was forced to shut down for the day because of the global attack.
The attack affected the company’s internal Microsoft corporate environment and was not a ransomware attack, it said four days after the attack, after determining that no malware had been installed and the system was able to be restored.
Handala, which has been active since Oct. 7, 2023, is believed to be linked to Iran’s Ministry of Intelligence and Security, American and Israeli cyber security experts have said.
The group is thought to have attacked Stryker because it was awarded a $450 million contract by the Department of Defense last year, and said at the time that the attack specifically was in response to the U.S. bombing of the school.
Handala acknowledged on Telegram that its websites were no longer under its control, and said that the “aggressive action reveals the extent to which the enemies of truth will go to silence voices that unveil their atrocities.”
“To all truth-seekers and defenders of justice, we inform you that the Handala RedWanted website, which was dedicated to exposing Zionist crimes and raising global awareness, has also been seized and taken offline by order of the FBI,” Handala said, noting that a new website is under construction.
In the wake of the attack, experts have told UPI it should be a wake-up call for a wide swath of U.S. companies that may have similar gaps in security, especially because rather than demanding ransom, the purpose of this attack was to destroy information and wreak havoc.