Hackers Exfiltrate 7.7 TB of Sensitive LAPD Litigation Files from LA City Attorney’s Storage System
What Happened – Threat actors compromised the Los Angeles City Attorney’s Office digital storage environment and downloaded over 7.7 TB of files that contain LAPD civil‑litigation discovery material, including witness names, medical records, unredacted criminal complaints, and investigative reports. The breach did not involve any direct intrusion into LAPD networks.
Why It Matters for TPRM –
- Third‑party data repositories can become the weakest link in a government supply chain.
- Exposure of law‑enforcement records creates legal, regulatory, and reputational risk for both the agency and any vendors that host or manage the data.
- Demonstrates the need for continuous monitoring of third‑party security controls and data‑handling agreements.
Who Is Affected – Government agencies (law‑enforcement), legal service providers, and any downstream partners that rely on the City Attorney’s document‑management platform.
Recommended Actions – Review contracts and security clauses with the City Attorney’s IT service provider, request evidence of encryption at rest and strict access controls, and conduct a risk‑based audit of all third‑party storage solutions handling sensitive public‑sector data.
Technical Notes – Attack vector not disclosed; likely a credential‑based intrusion or mis‑configuration. No specific CVEs reported. Data types exfiltrated: personally identifiable information (witness names, medical info), unredacted law‑enforcement files, and investigative records. Source: The Record