Indianapolis Housing Agency

The Indianapolis Housing Agency (IHA) is a public housing authority located in Indianapolis, Indiana, United States. It administers public housing assistance programs, managing the intake and ongoing support for eligible residents. The agency processes sensitive personal and financial information for approximately 25,000 residents, including data related to housing subsidies, lease agreements, and payment transactions. It also handles vendor and employee records, maintaining databases that interact with federal housing authorities such as the Department of Housing and Urban Development (HUD). As a local entity, IHA operates within the framework of federal public housing programs, ensuring compliance with regulations while providing housing stability for low-income households. Its operational scope includes tenant screening, rent calculation, and disbursement of housing assistance payments to landlords on behalf of participants. The agency's role positions it as a critical intermediary between residents, private landlords, and federal funding streams, requiring robust data management practices to safeguard confidential information.

On October 12, 2022, IHA suffered a significant cyber attack that compromised its data systems. The breach exposed the personal and financial details of roughly 25,000 residents, along with vendor and employee information. Stolen data included records of financial transactions shared with federal housing authorities, raising immediate concerns about identity theft, financial fraud, and potential misuse of housing assistance records. Residents feared that compromised bank account details could lead to unauthorized withdrawals, while landlords and tenants worried about eviction risks if subsidy payments were disrupted. The incident highlighted vulnerabilities in the agency's cybersecurity posture, though no cybercriminal group claimed responsibility for the attack. Following the breach, IHA likely faced regulatory scrutiny and obligations to notify affected individuals, as required by data protection laws. The event underscored the heightened risks facing public sector agencies that handle sensitive socioeconomic data, particularly those interfacing with federal databases. As of the latest reports, the full extent of the data's misuse and the long-term impacts on affected parties remained unclear, with no public updates on remediation efforts or accountability.