Cybercriminals from the extortion gang World Leaks have stolen and leaked a massive trove of sensitive internal documents from the Los Angeles Police Department. The breach exposed 7.7 terabytes of data comprising more than 337,000 files, including officer personnel records, internal affairs investigations, and unredacted criminal complaints. The LAPD has confirmed the incident and is actively investigating.
What Happened
The World Leaks extortion gang gained unauthorized access to a third-party digital storage system used by the Los Angeles City Attorney's Office. The attackers exfiltrated 7.7 terabytes of data and subsequently posted it to their leak site in an attempt to pressure the city into paying a ransom. The data was briefly listed on the gang's site before being removed for unknown reasons. Transparency group Distributed Denial of Secrets (DDoSecrets), whose founder Emma Best reviewed a portion of the data, is now hosting the leaked files. The LAPD has stated that its own systems and networks were not directly compromised, attributing the breach to the City Attorney's Office infrastructure. A spokesperson for the LA City Attorney's Office confirmed "unauthorized access to a third-party tool" but emphasized the application was self-contained with no links to department records or systems.
What Was Taken
The stolen data includes some of the most sensitive categories of law enforcement records:
- Officer personnel files: Employment records, personal information, and career details of LAPD officers.
- Internal affairs investigations: Records of misconduct inquiries and disciplinary proceedings.
- Discovery documents: Unredacted criminal complaints containing witness names, medical data, and other personal information typically shielded from public disclosure.
Under California state law, most police officer records are deemed private. The Los Angeles Times described the leak, if authenticated, as a "stunning breach of police data," noting that records of this nature are rarely disclosed or published.
Why It Matters
This breach has significant implications across multiple domains. For law enforcement, the exposure of officer identities and internal affairs records creates immediate physical safety risks and could compromise ongoing investigations. For witnesses and victims named in unredacted complaints, the leak creates risks of intimidation or retaliation. The incident also highlights a persistent blind spot in public sector security: sensitive data often flows to third-party tools and partner agencies where security controls may not match the sensitivity of the information stored. Extortion gangs like World Leaks increasingly target these peripheral systems rather than hardened primary infrastructure, exploiting the weakest link in inter-agency data sharing.
The Attack Technique
The specific intrusion vector has not been publicly disclosed. What is known is that the attackers compromised a third-party digital storage tool used by the LA City Attorney's Office, not the LAPD's own networks. This pattern is consistent with World Leaks' known tactics: targeting externally hosted applications, cloud storage platforms, or SaaS tools that hold sensitive data but sit outside an organization's primary security perimeter. The gang follows a standard double-extortion model, stealing data and threatening to publish it unless a ransom is paid.
What Organizations Should Do
- Audit third-party data flows. Map where sensitive data is stored outside your primary systems, especially in tools used by partner agencies, legal teams, and contractors.
- Enforce access controls on external storage. Apply least-privilege principles to any third-party platform holding sensitive records. Require MFA and monitor for anomalous access patterns.
- Classify and segment sensitive records. Personnel files, investigation records, and unredacted legal documents should be stored with the highest protections available, regardless of which system or agency hosts them.
- Establish breach notification protocols with partners. Ensure inter-agency agreements include incident response obligations so breaches in one office trigger immediate containment across all affected entities.
- Monitor for leaked data. Actively scan paste sites, leak forums, and transparency repositories for organizational data to enable rapid response if exposure occurs.
- Review vendor security posture. Require third-party tools handling sensitive data to meet defined security baselines and conduct regular assessments.
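One way to act on the "monitor for anomalous access patterns" recommendation, shown as an added example (not code from the article or from any vendor): flag an account whose daily download volume from a storage tool far exceeds its own history, which is the shape a multi-terabyte exfiltration takes in access logs. The log format, account names, paths, and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log for a hypothetical storage tool (not real data).
# Assumed fields: ISO timestamp, account, action, bytes, object path.
SAMPLE_LOG = """\
2025-03-03T09:10:00Z paralegal1 DOWNLOAD 40000000 /discovery/case-101/complaint.pdf
2025-03-04T10:30:00Z paralegal1 DOWNLOAD 50000000 /discovery/case-103/complaint.pdf
2025-03-04T11:00:00Z paralegal1 UPLOAD 9000000 /discovery/case-103/notes.docx
2025-03-05T09:45:00Z paralegal1 DOWNLOAD 45000000 /discovery/case-104/complaint.pdf
2025-03-06T02:11:00Z paralegal1 DOWNLOAD 9000000000 /personnel/archive-01.zip
2025-03-06T02:19:00Z paralegal1 DOWNLOAD 8500000000 /internal-affairs/archive-02.zip
2025-03-06T02:27:00Z paralegal1 DOWNLOAD 7000000000 /discovery/archive-03.zip
2025-03-06T03:00:00Z malformed line
2025-03-06T09:00:00Z attorney2 DOWNLOAD 60000000 /discovery/case-105/complaint.pdf
"""

def daily_downloads(log_text):
    """Return {account: {date: [total_bytes, set_of_objects]}} for DOWNLOAD events."""
    totals = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5 or parts[2] != "DOWNLOAD" or not parts[3].isdigit():
            continue  # skip malformed lines and non-download actions
        ts, account, _, size, obj = parts
        day = totals[account][ts[:10]]
        day[0] += int(size)
        day[1].add(obj)
    return totals

def find_bulk_egress(log_text, factor=10, floor_bytes=1_000_000_000):
    """Flag account-days whose download volume is at least floor_bytes and more
    than `factor` times the median of that account's earlier, unflagged days."""
    alerts = []
    for account, days in daily_downloads(log_text).items():
        history = []
        for date in sorted(days):
            total, objects = days[date]
            baseline = median(history) if history else 0
            if total >= floor_bytes and total > factor * baseline:
                alerts.append({"account": account, "date": date, "bytes": total,
                               "objects": len(objects), "baseline": baseline})
            else:
                history.append(total)  # flagged days never inflate the baseline
    return alerts

if __name__ == "__main__":
    print(find_bulk_egress(SAMPLE_LOG))
```

The absolute floor keeps new or low-volume accounts from alerting on ordinary first-day activity; tune both thresholds to the volumes the tool normally sees.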
Sources: Hackers steal and leak sensitive LAPD police documents