Cactus ransomware gang claims major data theft at Los Angeles' housing authority

The Housing Authority of the City of Los Angeles said it experienced a serious data security incident shortly after the Cactus ransomware group listed it as a victim on its data leak site.

 

The Housing Authority of the City of Los Angeles, or HACLA, is one of the largest and oldest public housing authorities in the U.S. with an annual budget of more than $1 billion.

 

In a statement shared with the media, a spokesperson for the HACLA said the authority was recently a victim of a cyber attack that targeted its internal network.

 

“We’ve been affected by an attack on our IT network. As soon as we became aware of this, we hired external forensic IT specialists to help us investigate and respond appropriately,” a HACLA spokesperson told BleepingComputer.

 

“Our systems remain operational, we’re taking expert advice, and we remain committed to delivering important services for low income and vulnerable people in Los Angeles,” the spokesperson added.

 

While the housing authority is yet to share details on how the threat actors infiltrated its internal network or the nature and scope of the incident, the Cactus ransomware group claimed responsibility for the cyber attack on HACLA and listed it as a victim on its data leak site.

 

According to screenshots shared on X, the group claims to have stolen 861 GB of data that includes personally identifiable information, database backups, financial documents, executives’ and employees’ personal data, customer information, corporate confidential data, and correspondence.

 

To prove the authenticity of its claims, the group has also shared screenshots of the stolen data that contains sensitive data.

 

This is the second data security incident HACLA suffered in recent years. In January last year, the notorious LockBit ransomware group claimed responsibility for infiltrating HACLA’s network and listed the authority as a victim on its data leak site. The group also threatened to publish 15 terabytes of data stolen from the authority unless a ransom was paid by January 27.