Report: LAPD Data Breach Exposes 2,500 Officer RecordsPolice Database Includes Email Addresses and Partial Social Security Number
The Los Angeles Police Department is investigating a possible data breach that appears to have exposed the personal information of about 2,500 full-time officers, as well as records related to 17,500 potential police candidates, according to local news media reports.
The information contained in the police personnel database included email addresses, names and partial social security numbers, among other details, according to NBC Los Angeles, which first reported the incident on Monday.
It's not clear who was behind the attack or if any information has been leaked, according to the NBC report. The police department did not respond to an email seeking additional information. The Los Angeles Times reports that the database belonged to the city and not the police department directly, and it contained records related to anyone who applied to the police department academy over the past 10 years. It's not clear how the attack happened or if the data was encrypted, according to the report.
The incident first came to the attention of the Los Angeles Information Technology Agency on July 25. At that time, the unknown hacker contacted city authorities and claimed to have downloaded this sensitive data. The attacker also emailed the agency with portions of the data as proof, according to NBC and other reports.
After acknowledging the potential breach late Monday, the police department is still investigating how the incident may have happened and if the hacker had a motive. The department has also notified the affected officers and candidates and has taken immediate steps to strengthen its infrastructure, according to reports.
"Out of an abundance of caution, we're applying extra layers of security around our personnel system and enhancing defenses," Ted Ross, the general manager of the city's Information Technology Agency, told NBC on Monday.
In a statement, Los Angeles Mayor Eric Garcetti added the city's IT department is also taking additional precautions.
"We take the protection of personal data very seriously, and the City has informed the individuals who may have been affected," Garcetti said. "The City’s Information Technology Agency has added additional layers of security to guard against future events of this kind."
Targeting Government Agencies
The possible hacking of the Los Angeles Police Department and its database comes in the backdrop of an increasing number of cyber incidents targeting local government bodies and agencies in the U.S.
Malicious actors have been continuously exploiting security vulnerabilities within government agencies as a means to unleash wider havoc and disrupt the normal functioning of these agencies, according to security experts.
A primary reason behind the repeated attack against government agencies is the easy availability of sensitive information and poor security safeguards within these systems. In the case of the Los Angeles Police Department, a quick search on its website reveals information such as employee name and employee serial number, says Chris Morales, head of analytics at security firm Vectra.
"The email address is not hard to come by either," Morales tells Information Security Media Group. "I can almost make guesses at those, if not just use a Google search to figure out a person's email. There is an entire industry of cold calling based on around figuring out a person's email address."
A Further Wake-Up Call
While the incident involving the Los Angeles Police Department appears to have been a breach, more local governments are dealing with attacks that focus on their infrastructure and files, specifically in the form of ransomware.
For instance, in June, the local government of Riviera Beach, Florida, agreed to pay a ransom of $600,000 in bitcoin after its IT infrastructure was encrypted by an unknown strain of ransomware (see: Florida City Paying $600,000 to End Ransomware Attack ).
In the weeks prior to the attack on Riviera Beach, a similar ransomware attack crippled the IT system of Baltimore, which forced the city officials to spend $18 million for the recovery process and to make up for the lost revenue (see: Baltimore Ransomware Attack Costing City $18 Million).
The May 7 attack against Baltimore was traced to a version of crypto-locking ransomware called Robbinhood and affected about 10,000 computers that were connected to the affected IT server, according to local officials.
However, Terence Jackson, chief information security officer at Thycotic, says that when insurance companies cover the cost of the ransom payment, it makes local and state governments more susceptible to ransomware attacks.
"The attackers are attacking these targets because of the criticality of the data they store and now the precedent has been set that insurance companies will foot the bill for the ransom," Jackson explains.
Jackson adds that while the Los Angeles Police Department was not likely a ransomware attack, it's more than likely that data will be exposed sooner rather than later and more than likely monetized by cybercriminals.
"While this attack has not been labelled as a ransomware attack, data has been exfiltrated and will likely appear on the dark web for sale soon," Jackson tells ISMG. "This should be a wake-up call to municipalities all of over the country to re-assess their current state of cybersecurity, find the gaps and implement the necessary countermeasures."