Cyber Incident Victim: Indianapolis Housing Agency
Date:
Oct 2022
Location:
United States of America
Summary
A cyber attack on the Indianapolis Housing Agency compromised sensitive personal and financial data of approximately 25,000 residents, along with vendor and employee information. The breach exposed financial transactions shared with federal housing authorities, leading to fears among public housing assistance tenants and landlords regarding potential evictions and compromised bank accounts. No group has claimed responsibility for the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber attack targeting the Indianapolis Housing Agency (IHA) occurred in early October 2022, compromising sensitive personal and financial information across multiple stakeholder groups. Public housing residents, Section 8 voucher recipients, landlords, and vendors faced immediate concerns about eviction risks and compromised bank accounts due to disrupted funding distribution and support services. The breach exposed data belonging to approximately 25,000 IHA residents alongside vendor and employee records. Financial transaction records shared with the U.S. Department of Housing and Urban Development (HUD) were also compromised, heightening risks of financial fraud and identity theft. The attack paralyzed critical housing assistance operations, creating uncertainty about rent payments to landlords and essential subsidies for low-income tenants. No threat actor claimed responsibility for the intrusion during the initial disclosure period, distinguishing it from contemporaneous attacks against housing authorities in Oklahoma City, Cuyahoga County, Bremerton, and Columbus that involved ransomware groups like DoppelPaymer and Avos Locker.
The incident generated widespread anxiety among affected individuals regarding potential misuse of Social Security numbers, banking details, and housing eligibility documentation. Service disruptions threatened tenants with loss of housing stability while landlords faced interrupted revenue streams. IHA initiated crisis response protocols, though specific containment measures and forensic findings remained undisclosed in initial reports. HUD collaborated in assessing the breach's impact on federal housing programs but did not immediately confirm whether national systems were compromised. The agency faced mounting pressure to address vulnerabilities given prior cyber incidents affecting other housing authorities. Financial institutions serving IHA clients prepared for potential fraudulent transactions linked to exposed account information. Legal and logistical challenges emerged regarding credit monitoring services for victims and restoration of housing assistance disbursements.