The Housing Authority of the City of Los Angeles (HACLA) is warning of a “data security event” after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack.

HACLA is a state-chartered agency that provides affordable housing to low-income individuals and families in Los Angeles, California.

The government agency, which operates on an annual budget of $1 billion, also provides job training and education to help eligible families achieve self-sufficiency and improve their quality of life.

According to the data breach notice, on December 31, 2022, HACLA discovered that computer systems on its network had been encrypted, forcing the agency’s IT team to shut down all servers and launch an investigation.

The investigation into the incident was completed on February 13, 2023, revealing that hackers had unauthorized access to systems between January 15, 2022, and December 31, 2022.

The examined server logs showed that the hackers might have accessed the following information belonging to members of HACLA:

  • Full name
  • Social Security Number (SSN)
  • Date of birth
  • Passport number
  • Driver’s license
  • State ID number
  • Tax ID number
  • Military ID number
  • Government-issued ID number
  • Credit/debit card number
  • Financial account number
  • Health insurance information
  • Medical information

HACLA has notified the impacted individuals by mail; the notices include instructions on monitoring their accounts, placing fraud alerts, and reporting identity theft incidents to the authorities.

LockBit claimed the attack

The attack on HACLA was claimed by the LockBit 3.0 ransomware gang, one of the most active and notorious RaaS (ransomware-as-a-service) operations.

HACLA listed on LockBit extortion site (BleepingComputer)

The threat actors uploaded samples of the files they claim to have stolen from HACLA’s network on December 31, 2022, and then followed up with their threat to publish all files on January 27, 2023.

This indicates that the negotiations for the ransom payment have failed, and the government agency declined to meet the cybercriminals’ demands.

However, about 1.5 months after the publication of that data, the download link on LockBit’s extortion site no longer works, somewhat mitigating the impact.

The leaked data set has not yet been redistributed on known hacker forums either.

Source: www.bleepingcomputer.com