Cyber Incident Victim: Los Angeles Police Department

In July 2019, the Los Angeles Information Technology Agency (ITA) was contacted by a suspected hacker who claimed to have stolen personal data from the city's Personnel Department system, specifically targeting information related to the Los Angeles Police Department. The hacker asserted possession of records for approximately 2,500 active LAPD officers, trainees, and recruits, along with 17,500 police officer applicants. ITA General Manager Ted Ross confirmed the individual provided example files demonstrating unauthorized access to the Candidate Applicant Program database. The city responded by implementing additional security measures around its personnel systems, though the exact method of breach remained unspecified at the time of disclosure. Affected individuals began receiving notifications over the weekend following the ITA's contact with the hacker, alerting them to potential compromise of their sensitive information.

The compromised data included names, dates of birth, partial Social Security numbers, and the email addresses with passwords that applicants created during the hiring process. The LAPD advised impacted personnel to monitor financial accounts, obtain credit reports, and file complaints with the Federal Trade Commission. While the department emphasized its commitment to data security, notifications did not specify whether credit monitoring services would be provided. The Los Angeles Police Protective League characterized the breach as a serious security failure and demanded city-funded assistance for officers facing identity theft consequences. Investigators worked to verify the hacker's claim of obtaining a "subset" of applicant data through external access rather than insider assistance, with Ross noting the full scope of exfiltrated information might require weeks to determine. The hacker's assertion of acquiring data through external sources suggested vulnerabilities in the city's systems rather than deliberate internal misconduct.