The Housing Authority of the City of Los Angeles (HACLA) was reportedly the victim of a cyber attack by the notorious ransomware group LockBit, which in a dark web post on Saturday, Dec. 31, claimed it stole more than 15 terabytes of files from the public housing agency. The post mentioned a Jan. 12 deadline and that “all available data will be published,” suggesting that those behind the hack have made a ransom demand, though the amount was not disclosed.
A spokesperson for HACLA on Wednesday, Jan. 4, referred back to a statement the agency had issued the day before, in which it characterized the incident as a “cyber event that resulted in disruption to our systems.”
“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” the statement read.
HACLA’s website still mentioned that it was experiencing “technical difficulties” as of late Wednesday afternoon.
“During this time, you may experience issues related to the services that HACLA provides. Thank you for your patience while we work through these issues,” the agency said on its homepage.
HACLA did not specifically call the incident a cyber attack nor mention anything about a ransom. The agency also did not respond to questions about the type of information that was reportedly stolen or the scope of the apparent data breach, though Courtney Gladney, the agency’s media and marketing specialist, told City News Service on Tuesday that HACLA was working with “law enforcement and forensics to investigate the incident.”
According to HACLA’s website, the agency has served more than 105,500 people and has an operating budget of more than $1 billion.
Threat analyst Brett Callow, of the cybersecurity firm Emsisoft, said he was not surprised to hear of a cyber attack during or near the holiday weekend. Cyber attackers tend to target weekends and holidays when there may be fewer workers around to notice unusual network activity.
Callow said hackers sometimes will use stolen information to reach out to individuals whose contact information they have to apply pressure on those individuals to, in turn, put pressure on the agency that experienced the data breach to pay a ransom.
“They are weaponizing the organization’s customers and business partners in ways that we haven’t seen until fairly recently,” said Callow, who, like most cybersecurity experts, generally advise against caving in to hackers’ demands.
In the case of HACLA, Callow said, if LockBit did demand a ransom, the city’s housing agency would receive nothing more than a “pinky promise” that the hackers would destroy the stolen data once a ransom was paid.
But, he said, “realistically, they probably wouldn’t” honor their pledge. “Why would a criminal organization ever delete data it may be able to monetize further?”
When L.A. Unified was attacked by the international ransomware group Vice Society in September, the incident occurred over Labor Day weekend. Officials in the nation’s second-largest school district chose not to pay the ransom demand, and the hackers ultimately released data on the dark web.
Citing an anonymous law enforcement source, NBC4 at the time reported that the information released contained confidential psychological evaluations of students, contract and legal documents, business records, numerous database entries and some Social Security numbers.
LAUSD Superintendent Alberto Carvalho had said, however, that there was no evidence of a widespread impact on “truly sensitive confidential information.”
All the same, the data breach caused massive disruptions to the start of the school year, requiring students and district employees to change their passwords and preventing some teachers from being able to access lesson plans and other records.
Incidents of cyber attacks are far too common.
In 2022, 105 local governments, 44 colleges or universities, 45 school districts and 25 healthcare providers operating 290 hospitals reported being victims of cyber attacks in the United States, according to the cybersecurity firm Emsisoft.
Callow advises that all organizations invest in strong cybersecurity measures to reduce the risk of falling prey to hackers.
In September, during a news conference following LAUSD’s cyber attack, Los Angeles Police Chief Michel Moore called cyber attacks “the No. 1 threat to our safety.”
Both he and then-Mayor Eric Garcetti called the LAUSD incident a “wake-up call” to all government agencies, businesses and individuals.
“This is a wake-up call, a reminder, because all of us are so dependent on our cyber universe, to check our systems, to recognize that personal, businesses, public and private sector, are constantly being probed and constantly under attack,” Moore said. “And that is why it’s critical that you pay attention to your security system, that you pay attention to who your users are and that you’re constantly on vigilance.”
©2023 MediaNews Group, Inc, Distributed by Tribune Content Agency, LLC.