The Breach
Cybercriminals allegedly stole and leaked sensitive internal documents related to the Los Angeles Police Department (LAPD). According to TechCrunch, the LAPD stated the incident did not involve LAPD systems or networks, but instead affected “a digital storage system” belonging to the LA City Attorney’s Office.
The leaked data surfaced online via Distributed Denial of Secrets, a transparency group that hosts breach data. Emma Best, the group’s founder, said in an online post that the extortion gang World Leaks was responsible for the breach. Best reported that she reviewed some of the posted data before it was deleted from the gang’s leak website, where the group publicizes breaches to pressure victims into paying ransoms.
What Was Exposed
According to The Los Angeles Times, the stolen material included police officer personnel files, internal affairs investigations, and discovery documents. These documents can contain unredacted criminal complaints and personal information such as witness names and medical data. The reporting notes that most police officer records under California state law are classified as private, making the alleged leak significant if the data is authentic.
Attribution and Investigation
Best’s post attributes the attack to World Leaks, an extortion group that publicizes breaches on a leak website as part of its ransom pressure strategy. TechCrunch reports that it is unclear why the data is no longer listed on World Leaks’ website. The LAPD stated it is investigating the breach and “working with the LA City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach.”
Security Implications
The incident demonstrates how attackers can access sensitive data without directly compromising a target agency’s networks. In this case, the breach occurred through a shared digital storage system associated with the LA City Attorney’s Office rather than LAPD infrastructure. Security teams may observe how the LAPD and City Attorney’s Office determine the extent of unauthorized access, investigate how the data was removed from the leak site, and identify which controls failed in the storage and disclosure pipeline.
Source: TechCrunch