Law enforcement officials and city attorneys Thursday were trying to understand the full scope of a data breach that occurred last month involving the Los Angeles City Attorney’s Office.
Ivor Pine, deputy director of communications for City Attorney Hydee Feldstein-Soto, confirmed there was an unauthorized breach to the office’s third-party system on March 20. The digital program is used by city attorneys to transfer discovery to opposing counsel and litigants.
“After learning of the incident, our office took immediate steps to secure the tool and investigate what information was accessed. We reported the incident to law enforcement and engaged external support, including outside counsel and external forensic support. Our office has been working with city departments, including the City’s Information Technology Agency (ITA), to review the data involved in the incident,” Pine said in a statement.
The City Attorney’s Office said no other city applications or systems were impacted by the breach.
“The information was self-contained in this application without any links or access to any department records or systems. Our investigation is continuing to determine what information was present in the tool and we will take appropriate action to notify any affected parties based on the results of this review,” Pine said in his statement.
On Tuesday night, the Los Angeles Police Department issued a similar statement, saying officials were made aware of the breach, in which unauthorized individuals gained access to a digital storage system that contained discovery documents from previously adjudicated or settled LAPD civil litigation cases, as well as personnel files and documents from Internal Affairs investigations.
The breach did not involve any LAPD systems or networks, police added.
“We take this incident very seriously and are working with the LA City Attorney’s Office to gain access to this impacted file to understand the full scope of the data breach,” the LAPD said.
Mayor Karen Bass has been briefed on the data breach, according to city officials.
The Los Angeles Times reported Tuesday that some of the records started showing up online. One of the first accounts to post a file from the hack was @WhosThatCop. The account posts about police accountability. The account’s administrator had said a security researcher first disclosed the breach. The files were taken down Tuesday afternoon, according to The Times.
Most police records are private under state law, and when they are used in legal cases the files tend to be significantly redacted.
The Times reported there were 7.7 terabytes of information available for download and more than 337,000 files. The breach further included witness names, health information and unredacted criminal complaints and investigative files, the report said.