The Los Angeles Police Department (LAPD) is currently investigating a case where it is the victim.
Personal data belonging to about 2,500 LAPD officers, trainees, and recruits, along with some 17,500 police officer applicants, has been nabbed by a hacker, local news outlet NBCLA reported on Monday.
The data was held on servers managed by the city’s personnel department.
Ted Ross, general manager of Los Angeles’ Information Technology Agency, said it was contacted by an individual in recent days who claimed to have downloaded the personal information. The perpetrator also presented a sample of the data to back up their claim.
The kind of data stolen by the hacker hasn’t been officially disclosed, but multiple news reports said that an email from the city informing those affected revealed that it included names, dates of birth, partial Social Security numbers, and the email addresses and passwords used by those who applied for a police job.
Home addresses and phone numbers were not believed to have been obtained by the hacker.
The email urged those affected to take precautionary measures such as keeping an eye on their personal financial accounts, and to obtain copies of their credit reports. They were also advised to file a complaint with the Federal Trade Commission.
Data security is paramount
“The Los Angeles Police Department is working with our city partners to better understand the extent and impact of this data breach,” the LAPD said in a statement. “Data security is paramount at the Los Angeles Police Department and we are committed to protecting the privacy of anyone who is associated with our agency.”
It added that it is also “taking steps to ensure the department’s data is protected from any further intrusions.”
An investigation is currently underway to try to learn more about how the hack happened, and to determine precisely how much data was taken.
Cities and law enforcement agencies are an increasingly common target for hackers, with protest, disruption, and financial gain among the myriad of motivations for the attacks.
The Georgia Department of Public Safety (DPS), for example, has in recent days been hit by a ransomware attack that prompted it to suspend the operation of its computer systems across three local police departments in a bid to contain the infection.
Research published last year suggested hackers are shifting from data thefts to ransomware, a form of attack that prevents a computer or network from being used until money is paid to the hackers.
- TrickBot returns with new attack that compromised 250 million email addresses
- Deal with Amazon requires local police to encourage people to buy Ring products
- Ransomware tool causing chaos in Baltimore was developed by the NSA
- Marriott faces $123M fine for huge data breach that targeted millions of guests
- 7-Eleven’s mobile payment app shut down after hackers nab $500K from customers