Cybercriminals associated with the extortion gang World Leaks have stolen and publicly leaked a massive trove of sensitive internal documents from the Los Angeles Police Department. The breach, confirmed by TechCrunch and the Los Angeles Times, exposed 7.7 terabytes of data comprising more than 337,000 files, including officer personnel records, internal affairs investigations, and unredacted criminal complaints containing witness names and medical data.
What Happened
The LAPD confirmed it is investigating a data breach that did not compromise LAPD systems or networks directly. Instead, the attackers targeted a digital storage system belonging to the Los Angeles City Attorney's Office, which housed sensitive LAPD records. The extortion gang World Leaks, identified by Distributed Denial of Secrets founder Emma Best, posted the stolen data on its leak site in an attempt to pressure victims into paying a ransom. The data was subsequently removed from the gang's site for reasons that remain unclear. The LAPD stated it is working with the LA City Attorney's Office to determine the full scope of the compromise.
What Was Taken
The breach exposed an enormous volume of highly sensitive law enforcement data:
- Officer personnel files: employment records, personal details, and internal HR data for LAPD officers
- Internal affairs investigations: records of misconduct inquiries and disciplinary proceedings
- Discovery documents: unredacted criminal complaints, witness identities, and medical information
- Total volume: 7.7 terabytes across more than 337,000 files
Under California state law, most police officer records are deemed private. The Los Angeles Times described the leak, if authenticated, as a "stunning breach of police data," noting that records of this nature are rarely disclosed or published.
Why It Matters
This breach carries severe implications across multiple domains. For law enforcement, the exposure of witness names and informant-adjacent data creates immediate physical safety risks. Officers whose personnel files and internal affairs records are now public face personal security threats and potential harassment. The leak of unredacted criminal complaints could compromise active investigations and pending prosecutions. For the broader security community, this incident highlights the persistent risk posed by third-party data custodians: the LAPD's own systems were not breached, but sensitive LAPD data was compromised through the City Attorney's Office infrastructure. This is a textbook example of supply chain risk in government data handling.
The Attack Technique
The specific intrusion vector has not been publicly disclosed. What is known is that the attackers compromised a digital storage system operated by the LA City Attorney's Office rather than LAPD infrastructure directly. World Leaks operates as an extortion gang that steals data and threatens to publish it unless a ransom is paid. The group's leak site was used to publicize the breach, a standard double-extortion tactic. The removal of the data from the leak site could indicate ongoing ransom negotiations, law enforcement intervention, or operational decisions by the threat actor.
What Organizations Should Do
- Audit third-party data custodians: Map where your sensitive data resides outside your own infrastructure and assess the security posture of every external system that stores it.
- Enforce least-privilege access on shared storage: Ensure that digital storage systems, especially those shared across agencies, segment access by sensitivity level and enforce strict authentication controls.
- Implement data loss prevention monitoring: Deploy DLP tooling that can detect large-scale exfiltration events, particularly on systems housing legally privileged or personnel records.
- Review inter-agency data sharing agreements: Ensure contracts with partner agencies include enforceable security requirements, breach notification timelines, and incident response obligations.
- Prepare for extortion scenarios: Develop and rehearse playbooks specifically for data extortion incidents, including legal review of ransom payment implications and pre-drafted public communications.
- Monitor for leaked data exposure: Organizations with law enforcement partnerships should proactively monitor dark web and leak site activity for exposure of their data in this or related breaches.
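One way to implement the large-scale exfiltration check named in the DLP recommendation above, as an added example that is not from the original article or from any agency's tooling: a per-account sliding-window detector over storage access logs. The log record shape, account names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_BYTES = 5 * 1024**3         # assumed per-account byte budget per window
MAX_FILES = 200                 # assumed distinct-file budget per window

def detect_bulk_reads(events, window=WINDOW, max_bytes=MAX_BYTES, max_files=MAX_FILES):
    """events: (datetime, account, path, bytes_read) tuples sorted by time.
    Returns one alert per account, raised at the first event over budget."""
    recent = defaultdict(deque)   # account -> reads still inside the window
    byte_sum = defaultdict(int)   # account -> bytes read inside the window
    alerts = {}
    for ts, who, path, size in events:
        q = recent[who]
        q.append((ts, path, size))
        byte_sum[who] += size
        while ts - q[0][0] > window:          # expire reads older than the window
            byte_sum[who] -= q.popleft()[2]
        if who in alerts:
            continue                          # already alerted for this account
        files = len({p for _, p, _ in q})
        reasons = [name for name, over in
                   (("bytes", byte_sum[who] > max_bytes), ("files", files > max_files)) if over]
        if reasons:
            alerts[who] = {"account": who, "at": ts, "bytes": byte_sum[who],
                           "files": files, "reasons": reasons}
    return list(alerts.values())

def constructed_sample():
    """Constructed events: two staff accounts browsing, one account bulk-reading."""
    t0 = datetime(2025, 1, 1, 9, 0)
    ev = [(t0 + timedelta(minutes=4 * i), "paralegal_a", f"/cases/{i % 6}/complaint.pdf", 2_000_000)
          for i in range(30)]
    ev += [(t0 + timedelta(minutes=6 * i), "attorney_b", f"/cases/{i % 4}/discovery.pdf", 5_000_000)
           for i in range(20)]
    ev += [(t0 + timedelta(hours=1, seconds=i), "svc_sync", f"/personnel/{i}.pdf", 20_000_000)
           for i in range(600)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for a in detect_bulk_reads(constructed_sample()):
        print(f'{a["at"].isoformat()} {a["account"]} exceeded {a["reasons"]}: '
              f'{a["files"]} files, {a["bytes"]} bytes in {WINDOW}')
```

In practice the two budgets would be derived from each account's own historical baseline rather than fixed constants, so that a legitimate backup job does not alert while a clerk account behaving like one does.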
Sources: Hackers steal and leak sensitive LAPD police documents