Massive Data Breach Exposes 337K LAPD-Linked Records


A digital vault door has been blown wide open in Los Angeles.

A massive data breach has ripped through the city’s legal infrastructure, spilling 7.7 terabytes of highly sensitive police records tied to the LAPD into the open. The leak comprises roughly 337,000 files, including internal affairs investigations, unredacted criminal complaints, witness identities, and even officers’ medical information.

While authorities have acknowledged the incident, they have also clarified that the LAPD’s system remained intact and that the hackers gained access to a third-party discovery system used by the Los Angeles City Attorney’s Office. The LA Times reports that an investigation has been launched and that relevant authorities are taking the matter seriously.

A detailed overview of the incident

According to a statement from city spokesperson Ivor Pine, cited by the LA Times, the breach was noticed on March 20. On that day, the office recognized “unauthorized access to a third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”

Pine noted that after the observation, the office “took immediate steps to secure the tool and investigate what information was accessed.” However, it seemed that by then the hackers had already obtained the data. The LA Times notes that on the very day Pine said the City Attorney’s Office noticed the breach, a hacking group publicly claimed to have accessed files relating to the office.

According to TechCrunch, the hackers posted the leaked data on Distributed Denial of Secrets, a transparency group founded by Emma Best in 2018. In a Bsky post, Best acknowledged reviewing the files and hinted that World Leaks is behind the breach.

World Leaks is a ransomware group, but it’s unclear whether they contacted those involved, as the leaked data that briefly circulated online, particularly on X, is no longer accessible.

Corroborating the LA Times’s report that the hackers likely took it down, Best confirmed that it has been removed. In Best’s words, “I no longer see it on World Leaks’ site, even logged in. Unclear what happened.”

Scope of the breach, potential implications, and reactions so far

The breach has already begun to stir tensions among the parties involved.

While the attorney’s office said it alerted relevant bodies, including the FBI, which confirmed it was investigating the incident, it apparently failed to inform some of them. The Los Angeles Police Protective League (a representative union of its rank-and-file officers) claims it was left in the dark all along.

The union said that, despite the incident being noticed weeks before it began circulating online, they only learned of it when they read the LA Times. As of Apr. 8, the union, in its public statement, said:

“The City Attorney has still not provided the union with an honest assessment of the breach’s magnitude, who was impacted, what was disclosed and how this could have happened.”

Expressing their disappointment, they added, “To say we are disappointed by the lack of urgency and forthrightness from the City Attorney’s office is an understatement. We will keep asking the tough questions and once we receive answers we will take appropriate action.”

The LAPD, in its public statement about the breach, notes that the “breach does not involve any LAPD systems or networks,” but rather, a compromise affecting a storage system in the City Attorney’s office. It also claimed that the leaked files were from settled civil disputes.

However, one of the X accounts that circulated the news claims that this was untrue. @WhosThatCop, on its X account, claimed that one of the cases seen in the files was from an ongoing sexual assault case. This suggests that the LAPD might be trying to downplay the severity of the incident.

In addition, the LA Times reports that the LAPD has not formally addressed the incident internally. Citing an unnamed source, the LA Times reports that LAPD employees were vaguely asked on Monday to regularly change their passwords, and that no formal mention of the incident was made.

The LAPD in its statement also added that they “take this incident very seriously and are working with the L.A. City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach.”

With 7.7 terabytes of data exposed, the LA Times says affected officers can sue the LAPD, resulting in a “round of costly lawsuits.”

How organizations can reduce breach risk

When breaches like this happen, they rarely stem from a single failure. More often, they expose a chain of weak links—especially where third-party systems intersect with sensitive data.

Ken Underhill, cybersecurity expert at TechnologyAdvice, says tightening these gaps is essential for organizations handling high-risk information. He suggested that they:

  • Conduct third-party risk management (TPRM) of vendors and require minimum security best practices in SLAs.
  • Enforce strong access controls, including multi-factor authentication, least privilege, and privileged access management, for all systems that handle sensitive records.
  • Encrypt sensitive data in transit and at rest, while limiting storage in external tools and using segmentation.
  • Monitor systems for unauthorized access and data exfiltration using endpoint protection and data loss prevention solutions.
  • Test incident response plans and use attack-simulation tools with scenarios focused on data exfiltration.

Ultimately, resilience comes from assuming that breaches are possible and building layered defenses that reduce their impact when they occur.
