Los Angeles housing authority discloses data breach after ransomware attack

The Housing Authority of the City of Los Angeles, or HACLA, said it suffered a data breach following a 2022 ransomware attack.

In a breach notice sent to affected individuals, the public housing agency said threat actors managed to infiltrate its network between Jan. 15 and Dec. 31 of last year.

“On December 31, 2022, HACLA discovered encrypted files on certain computer systems,” the housing authority said. “HACLA learned that it had been the victim of a complex cyber-attack. HACLA immediately shut down its servers and launched an investigation with the assistance of third-party forensic specialists to determine the nature and scope of the incident.”

Researchers at BleepingComputer have linked the attack to the notorious LockBit ransomware gang, which shared samples of exfiltrated HACLA files on their leak platform in late January of this year.

Although the investigation is ongoing, the HACLA data breach notice revealed that the criminals may have stolen sensitive information, including:

• Full names and birthdates
• Social Security numbers
• Passport numbers and driver’s license numbers
• Tax and military identification numbers
• Government-issued identification numbers
• Financial data including credit card and bank account numbers
• Health insurance info and medical information

All affected individuals have been notified via mail, and the agency has said that it is working on implementing additional safety measures and procedures to enhance the security and privacy of individuals.

All notified members are urged to remain vigilant against fraud and other identity theft crimes, and monitor their accounts, credit reports and financial statements for any suspicious activity.

Don’t let fraudsters take the high ground when it comes to your identity.

Use Bitdefender Identity Theft Protection (US only) to stay in the know and limit financial losses associated with data breaches and identity crimes.

The one-stop credit monitoring and identity theft protection service helps you tackle threats to your identity and finances with:

• 24/7 identity monitoring to detect whether your personal information is on the dark web and to check for change-of-address requests, attempts to take over accounts, and court records that may show crimes falsely reported in your name
• An easy way to view your credit score or order a credit freeze in case of compromise
• Identity restoration services with a 100% success rate, plus access to your dedicated resolution specialist
• Up to $2 million identity theft recovery plan, plus many more benefits, depending on your chosen plan