The Housing Authority of the City of Los Angeles announced today, Jan. 3, that it has been hit by an apparent cyberattack that has disrupted its systems and a leading tech industry website reports that the attackers have given the agency a deadline to respond.
In a statement, the city agency described the situation as a “cyber event” and did not specify the nature of the attack or what data may have been compromised. HACLA, the city’s public housing authority, has a budget of more than $1 billion.
The ransomware group Lockbit claimed to have hacked the agency, according to TechCrunch. Screenshots posted online indicate that more than 15 terabytes of files were stolen, with a listed deadline of Jan. 12 for an apparent ransom.
Courtney Gladney of HACLA said the agency was working with “law enforcement and forensics to investigate the incident.” A statement from the agency said that HACLA was working to “confirm its impact to our systems, and to restore full functionality securely to our environment as soon as possible.”
HACLA oversees more than 19,000 housing units for poor and low-income residents. According to TechCrunch, HACLA “was added to LockBit’s dark web leak site on December 31.”
The early report on HACLA, still lacking detail, was a reminder of the 2022 Labor Day weekend cyber attack on Los Angeles Unified School District. In that case, Los Angeles Unified School District data was posted on the dark web by an international crime syndicate but it did not contain sensitive personal information, Superintendent Alberto Carvalho announced on Oct. 3.
A hacking organization known as Vice Society sent a ransom demand to LAUSD after breaking into the district’s systems and threatening to release the hacked data online if LAUSD refused to pay out an unspecified ransom.
The group released 500 gigabytes of hacked data following LAUSD’s Sept. 30 announcement that the district would not give in to the ransom demands.
Following release of the hacked data, fears about what information could’ve been breached abounded. Some reports posited that the trove of information included confidential student psychological evaluations, contract and legal documents, and business records containing personal identifying information including Social Security numbers.
But, according to LAUSD’s review, the data leaked was a “drop in the bucket” compared to the district’s 1.6 petabyte — or 16 million gigabyte — total trove of data, and contained “no evidence of widespread impact, as far as truly sensitive confidential information,” Carvalho said.
“We can confirm at this point, having gone through about two-thirds of the files that were uploaded, we have found no evidence of widespread access or dissemination of employee information that includes personally identifiable information,” Carvalho said in October.