Cyber Incident Victim: Housing Authority of the City of Los Angeles
Date:
Dec 2022
Location:
United States of America
Summary
The Housing Authority of the City of Los Angeles experienced a ransomware attack claimed by the Lockbit group, which stole approximately 15 terabytes of data and threatened public release unless payment demands were met. The agency acknowledged system disruptions and engaged third-party specialists to investigate the breach, restore operations, and assess impacts while maintaining service continuity. The incident compromised sensitive tenant information, including payment details and housing voucher data affecting tens of thousands of low-income residents, potentially undermining public trust in critical housing services. This attack followed similar targeting of multiple U.S. housing authorities and another major breach within Los Angeles’ public sector infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 31, 2022, the hacker group Lockbit claimed responsibility for a ransomware attack targeting the Housing Authority of the City of Los Angeles (HACLA). The group posted images of purported HACLA databases containing 15 terabytes of stolen data and threatened to publish the information on the dark web by January 12, 2023, unless their payment demands were met. HACLA publicly acknowledged the incident as a "cyber event that resulted in disruption to our systems" in an official statement released shortly after the attack. The agency confirmed it was working with third-party specialists to investigate the breach's source, assess its impact, and restore full system functionality securely. While the exact method of the breach remained unclear, Lockbit's claim indicated significant data exfiltration occurred prior to system encryption. HACLA did not disclose whether any ransom negotiations took place or whether personal information of residents was definitively compromised during the incident.
The attack disrupted operations at an agency critical to Los Angeles' affordable housing infrastructure. HACLA manages over 6,300 public housing units with online payment systems for rent and administers the Section 8 voucher program serving more than 43,700 households. The breach occurred shortly after HACLA reopened its Section 8 waitlist for the first time in five years, which had drawn 223,000 applications. Cybersecurity researcher Nick Merrill from UC Berkeley noted this marked the second major ransomware attack against Los Angeles' public sector within a year, following the September 2022 Los Angeles Unified School District incident where student data was leaked after refusal to pay. Merrill observed that housing authorities like HACLA are frequent targets due to perceived limited cybersecurity resources and attackers' belief that such organizations might pay ransoms to avoid operational collapse. The incident raised concerns about potential exposure of sensitive tenant information, including financial data used for rent payments, and broader implications for public trust in government services managing essential housing programs.