
City officials ask how thousands of sensitive LAPD files got leaked

In the aftermath of a recent data breach that saw hackers make off with a vast trove of confidential police records, Los Angeles leaders have sought an explanation from the city’s top lawyer, whose office was targeted.

What they have gotten so far, according to Councilmember Ysabel Jurado, are answers that only leave more questions.

In an interview, Jurado said she had expected City Atty. Hydee Feldstein Soto to appear before the Government Operations committee this week, but instead had received an internal report offering a “high level view” of the breach that left many key details unaddressed.

“When did the city attorney’s office become aware, what actions were taken, and why were city officials not notified promptly?” Jurado said. “Right now, we’re still left to question and trying to assemble the information.”

The Times reported the existence of the hack last week, prompting further scrutiny by public officials — some of whom, like Jurado, said they hadn’t previously been informed. Since then, The Times has reviewed an inventory of 337,000 files that were compromised.

The documents amount to millions of pages, and appear to mostly come from civil lawsuits against the city that have been resolved in court. They range in nature from trip-and-fall cases to police excessive force.

During a brief discussion at the council committee Tuesday morning, Jurado said she had received information that an internal link used by the city attorney’s office to access the files had been clicked at least 5,000 times on the first day of the breach, which is thought to have occurred sometime in March.

The files were not secured by a password, according to sources who spoke previously with The Times and requested anonymity because they were not authorized to discuss the ongoing investigation. A senior police official last week assured the department’s civilian bosses, the Police Commission, that none of the department’s own systems had been compromised.

Jurado said she wanted answers for why and how the city had managed to leave exposed sensitive records, such as medical reports, autopsy photos and witness names.

“It’s just horrific to think that that was out there,” Jurado said.

The city attorney’s office responded to questions from The Times by referring to a public report issued April 17, which said a preliminary investigation indicated that “the incident was contained to that third-party environment, and that no other City applications, systems, or department records were accessed or affected.”

The report noted that the hackers teased “small samples” of the data on their dark web site over a week starting March 20, before publishing the whole thing on March 27. The data were taken down after about eight hours, and then reappeared twice in early April, the report said.

In a separate letter to the police union, the office said it would begin notifying people whose information was compromised “without unreasonable delay.”

The inventory reviewed by The Times shows personnel files for LAPD officers who were accused of using excessive force against a Black military veteran during a traffic stop in 2021. Another file included the identities of witnesses who saw a man die after LAPD officers knelt on him during an arrest, the records reviewed by The Times showed.

Thousands of hours of uncut body camera footage were released. There were also medical records from thousands of cases in which police and other city employees were accused of misconduct. At least 1,060 of the files are labeled as confidential, the inventory says.

The city attorney’s office has said that it alerted senior LAPD officials and the city’s IT department as soon as it discovered the leak, and has in the weeks since been in regular contact with other city departments to assess the scope of the leak. The FBI has begun investigating the matter.

The situation has already cost Feldstein Soto, who is up for reelection, the endorsement of the powerful union for the LAPD’s rank-and-file officers, which withdrew its support after accusing the city attorney of failing to disclose the full extent of the breach.

The leak follows Feldstein Soto’s efforts to weaken the state’s public records law after the release of many police officer photos and other materials, which she demanded be returned.

Several attorneys whose cases were included in the list of compromised files told The Times they have not yet heard from city officials. Some said they could foresee the records leaked being used as justification to reopen old cases — or initiate new ones.

“I’m curious to know what exactly it is that the city attorney’s office had that they may not have disclosed to us in discovery,” said Arnoldo Casillas, an attorney for the family of Eric Rivera, a 20-year-old man whose family sued after he was killed by police in Wilmington in 2017 and whose files are among those included in the leak, according to the inventory reviewed by The Times.

The case was later dismissed, but the family has filed an appeal.

Other attorneys whose lawsuits against the city and LAPD were listed among the hacked materials said they wanted to know exactly what was included in the files.

Robert Glassman, who successfully sued for $18 million last year on behalf of two elderly brothers who were badly injured when a speeding LAPD squad car broadsided their vehicle, said he also hadn’t heard from the city attorney’s office.

“You’d think that they would notify [the affected parties] and tell them that they’re working to get their information back,” he said.

Experts said similar cyberattacks on government offices across the country have shown it can take months or years for the dust to fully settle and the full scope of the damage to emerge.

James E. Lee, president of the Identity Theft Resource Center, a nonprofit organization that provides advice and assistance related to identity theft, said last year alone the center documented an all-time high of 3,322 hacks.

That’s almost certainly an undercount, given the number of cases that go undetected or unreported, Lee said. Of the recorded incidents, roughly 165 targeted government agencies — up from 47 in 2020, he said.

In the past, according to Lee, many attacks on government entities were carried out by state-sponsored actors, but the emergence of AI-powered hacking tools has allowed everyday people to carry off such incursions.

“They want data that they can repurpose: anything that’s going to have financial information, anything that’s going to have driver’s license information is going to be very valuable to them,” he said.

Matthew McNicholas, a lawyer who has represented many officers in their lawsuits against the city, said he has fielded numerous calls from clients worried their personnel and medical records were exposed.

The leaked records, the inventory shows, include a case in which McNicholas sued the city on behalf of a victim who said they’d been sexually molested as a minor by an employee at a city-run recreational center.

McNicholas said he is worried that the leak will expose the private information of police whistleblowers who came forward to reveal discrimination and other misconduct.

The Associated Press contributed to this report.


How sensitive LAPD files got leaked online — and what happens next

The disciplinary files of Los Angeles police officers are closely guarded secrets, protected by some of the nation’s strictest confidentiality laws.

But now, many of those secret files have been splashed across the internet, along with tens of thousands of other sensitive records from the L.A. city attorney’s office.

The extent of the data breach is still unclear, and city officials have said they are investigating to find out what was taken, who was responsible and how the city’s cybersecurity was compromised.

A ransomware hacking collective called WorldLeaks, which has gained a reputation for extorting private and public entities by threatening to disclose confidential files on the internet, has claimed responsibility.

The group first announced the breach on March 20. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information — or whether the city paid one. Some reports suggest that the group was behind a hack of L.A. Metro last month that forced it to shut down part of its transit network.

The Times spoke with several sources familiar with the investigation into the data breach who requested anonymity because they were not authorized to discuss the case publicly, and reviewed a partial inventory of the leaked files, including screenshots of some materials.

Here’s what we know so far.

How did hackers get the LAPD files?

The hacking group appears to have exploited vulnerabilities in a system used by the Los Angeles city attorney’s office, enabling the group to make off with nearly 340,000 files, according to the sources familiar with the case.

In the wake of the George Floyd protests, the sources said, the city was flooded with dozens of lawsuits from protesters who had been injured by LAPD officers. To handle the deluge of new cases, the city created a file-sharing system so that attorneys on both sides could access discovery materials, including some considered private under court orders.

It was akin to Dropbox or Google Drive, the sources said, and access was supposed to be restricted to just authorized users.

But the system, according to two sources familiar with the investigation, was not password-protected because city officials believed that it needed to be accessible to other parties, including outside attorneys hired to assist with civil litigation.

The sources said the system expanded far beyond its initial scope and came to include records from hundreds of lawsuits involving the LAPD.

In a statement issued to The Times on Wednesday, Ivor Pine, a spokesperson for the city attorney’s office, described the hack as “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”

How did the LAPD and city officials find out?

Few inside the LAPD knew about the extent of the leak until The Times published a story Tuesday revealing files that appeared online.

After the news broke on Tuesday, the department released a brief public statement acknowledging the disclosure of “discovery documents from previously adjudicated or settled LAPD civil litigation cases.” The department noted that the “breach does not involve any LAPD systems or networks.”

Pine said that once the city attorney’s office realized its file-sharing system was compromised, it “took immediate steps to secure the tool and investigate what information was accessed.”

“No other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems.”

What are the consequences of the massive leak?

The data breach could have political ramifications for embattled City Atty. Hydee Feldstein Soto, who is up for reelection.

Last week, she earned the endorsement of the powerful Los Angeles Police Protective League, which represents rank-and-file LAPD officers. But union officials contend that Feldstein Soto failed to mention the leaked documents to them until they learned of the hack Tuesday evening.

On Wednesday, the union issued a scathing statement.

“To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement,” the union’s statement said. “We will keep asking the tough questions and once we receive answers we will take appropriate action.”

Feldstein Soto’s challenger in the city attorney’s race, John McKinney, said the public deserves immediate answers.

“The lack of transparency isn’t just concerning, it’s unacceptable,” said McKinney, who currently leads the major crimes bureau at the L.A. County district attorney’s office. “By keeping the public in the dark, witnesses and Los Angeles Police Department families may have been put at risk.”

Lawyers for police officers reported numerous calls from clients worried their personnel and medical records were exposed, raising the prospect of more costly litigation. About 900 officers are currently suing the department over the 2023 release of mugshot-style images and other materials in response to a public records request.

How much information was snatched and what’s in it?

In all, according to posts about the data breach, 7.7 terabytes of information was available for download.

The LAPD statement described the files in the recent hack as coming from closed cases, but at least one of the files reviewed by The Times involved a lawsuit over an alleged sexual assault by a police officer that was set for trial next week.

Also disclosed were personnel files from dozens of current and former officers. Every officer’s personnel records are contained within a system called TEAMS II.

It is a detailed history that includes records on arrests they have made, training sessions they have attended, citizen complaints received against them and lawsuits they have been involved in, along with any history of traffic collisions, shootings or other uses of force, commendations, assignments, workers’ compensation claims and more.

Such records can be turned over as discovery in civil cases, but almost always under a protective order that restricts them from being shared publicly.

An untold number of internet users have downloaded the terabytes of data in the weeks since its release. What surfaces next remains to be seen.


Sensitive LAPD records leaked in hack of L.A. city attorney’s office

A trove of sensitive Los Angeles police records, including officer personnel files and documents from Internal Affairs investigations, is among the materials seized by hackers in a breach last month involving the L.A. city attorney’s office.

The leak involves 337,000 files, including some of the LAPD’s most closely guarded records. The documents posted online include the disciplinary histories of officers and investigations into complaints against them, materials that are typically sealed from public view under state law.

The massive hack sent shudders through the department. Officials have sought to downplay the extent of the disclosure, but activists who have long pushed for more transparency around acts of officer misconduct quickly put a spotlight on sensitive files they were able to access.

After The Times published a story Tuesday about the hack, the Los Angeles Police Department issued a statement that said “unauthorized individuals had gained access to a digital storage system,” enabling them to obtain “discovery documents from previously adjudicated or settled LAPD civil litigation cases.”

The department noted that it was a compromise of the Los Angeles city attorney’s office computers and that the “breach does not involve any LAPD systems or networks.”

“We take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the department’s statement said.

Ivor Pine, a spokesperson for the city attorney’s office, said in a statement that the office first became aware March 20 of “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”

Pine said the office “took immediate steps to secure the tool and investigate what information was accessed,” including contacting law enforcement.

“The City Attorney’s Office has confirmed that no other City applications or systems were involved in this incident,” Pine said. “The information was self contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review.”

The Los Angeles Police Protective League — the union that represents the department’s rank-and-file officers — issued a statement Wednesday afternoon that criticized the city attorney’s office for its handling of the breach.

The union’s board of directors said City Atty. Hydee Feldstein Soto “should have picked up the phone and informed us about this egregious data breach when she claims she learned of it several weeks ago.”

“We first learned of the breach by reading the Times and the City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened,” the union’s statement said. “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”

Within the Police Department, there has been virtually no acknowledgment from senior leaders about the breach or its implications, according to LAPD sources who requested anonymity in order to discuss the confidential matter.

According to one of the department sources, there was a vague reference to LAPD employees needing to change their passwords more frequently at a regular meeting Monday of command staff — but no mention of the breach itself or what files had become public.

The data were obtained by a well-known hacking group known for conducting ransomware attacks on large entities and demanding payment, threatening to make the confidential data public on the web. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information and whether the city paid one.

A spokesperson for the FBI’s office in Los Angeles said the agency “is aware of the incident, is actively assisting the City’s Attorney’s Office, and is coordinating with partners.”

At least one hacking group on March 20 claimed to have access to the city of Los Angeles files. Cybercrime investigators from both the federal government and the LAPD have been pursuing the hack since last month, according to police sources who requested anonymity because they were not authorized to discuss the open case.

Some of the records have surfaced on social media platforms, including X. Among the first to share a file from the hack was the account @WhosThatCop, which regularly posts about information related to police accountability.

The account’s administrator said a security researcher first disclosed the breach. A link to the files apparently had been taken down by Tuesday afternoon.

The disclosure represents a stunning breach of police data. Some files circulating from the hack included personal health information of officers, witness interviews from criminal investigations and internal probes conducted by the department. Only rarely do Internal Affairs documents surface in civil lawsuits and criminal cases, and even then they are often heavily redacted.

In all, according to posts about the data breach, 7.7 terabytes of information was available for download.

The disclosure of confidential LAPD records could unleash a new round of costly lawsuits by officers. About 900 officers are currently suing the department related to a 2023 release of mugshot-style images — along with names, races and other demographic details of police officers — in response to a public records request.

The LAPD statement described the files in the recent hack as coming from closed cases. But the X account @WhosThatCop published a redacted internal affairs report from an apparently ongoing case. The case involves a lawsuit by a woman who alleges that she was sexually assaulted by an LAPD officer days after the officer took her into custody in 2022.

In a statement to The Times, the account’s anonymous operator applauded the hack.

“Sadly, having the public resort to transparency by relying on 340,000 City Attorney files being published at the hands of criminals is emblematic of the stonewalling and incompetence by City Attorney Hydee Feldstein Soto, Mayor Bass, and LAPD Chief McDonnell,” the operator said.

According to court filings, the city reached a conditional settlement with the woman on March 20 — the same day the data theft was revealed by hackers. The matter had been set to go to trial next week.

The lawsuit alleged that the officer, Gabriel Anthony Espadas, detained the woman on a mental health hold after responding to a call for service in the San Fernando Valley. The woman’s lawsuit contends that the officer “engaged in nonconsensual sexual activity” with her after her release.

The city defended itself in the lawsuit, saying the “two sexual encounters” involved an “off-duty, probationary officer” who was “not acting within the course and scope of his employment.”

The disclosure is the latest of several cybersecurity incursions targeting public agencies in Los Angeles. Last month, the city’s metro system shut down parts of its network after its security team detected hacking activity. Law enforcement and cybersecurity specialists are continuing to investigate who was behind the attack, authorities said.

The Los Angeles County Superior Court was hit by a ransomware attack in 2024 that infected its computer system with damaging software, forcing it to shut down for two days.

Times staff writers Clara Harter and Gavin J. Quinton contributed to this report.
