Thousands of Los Angeles police caught up in data breach, personal records stolen

The department wasn’t aware until directly contacted by the hacker.
Written by Charlie Osborne, Contributing Writer

The Los Angeles' Personnel Department has been subject to a data breach in which the personal details of thousands of current and aspiring police officers has been stolen. 

According to NBC Los Angeles, an unknown hacker has claimed that they have managed to steal the personally identifiable information (PII) of 2,500 serving LAPD officers, trainees, and recruits, alongside records belonging to roughly 17,500 would-be officers enrolled in the Candidate Applicant program. 

The cyberattacker emailed the department directly last week and included a sample of the allegedly stolen information to back up their claims. He or she added that the data was obtained "through external sources."

Names, partial Social Security numbers, dates of birth, email addresses, and credentials used when applying for roles in the department have potentially been compromised. 

Before the contact, the department was unaware of any security incident. 

See also: Ransomware infection takes some police car laptops offline in Georgia

It has not been possible to verify the extent of the breach, but if true, this would be the largest and most serious breach of data experienced by the department to date. 

Ted Ross, the Los Angeles' Personnel Department General Manager, told the publication that the organization was in the midst of applying "extra layers of security around our personnel system and enhancing defenses."

Impacted individuals are being notified and an investigation is underway to ascertain how the data subset was downloaded and stolen. 

"The Los Angeles Police Department is working with our city partners to better understand the extent and impact of the data breach," the LAPD said in a statement. "We are also taking steps to ensure the department's data is protected from any further intrusions."

TechRepublic: Vulnerability in VxWorks RTOS allows attackers to control internal networks

In related news this week, a ransomware infection at the Georgia Department of Public Safety (DPS) hamstrung police laptops by barring access to crucial intelligence and information. 

The malware managed to propagate across the full DPS network, forcing the organization to close down its IT infrastructure to contain the infection. 

CNET: Capital One data breach involves 100 million credit card applications

These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards