Cybercriminals operating as the extortion gang World Leaks have stolen and leaked a massive trove of sensitive internal documents from the Los Angeles Police Department. The breach exposed 7.7 terabytes of data comprising over 337,000 files, including personnel records, internal affairs investigations, and unredacted criminal complaints containing witness names and medical information. The LAPD has confirmed it is investigating the incident.
What Happened
The World Leaks gang exfiltrated a large volume of internal LAPD documentation and posted it to its leak site as part of an extortion campaign designed to pressure victims into paying a ransom. The data was briefly listed on the gang's site before being removed for unknown reasons. Emma Best, founder of the transparency organization Distributed Denial of Secrets (DDoSecrets), which hosts the data, confirmed she was able to review portions of the leaked files before they were pulled from World Leaks' site. The LAPD stated the breach did not compromise LAPD systems or networks directly but instead affected a digital storage system belonging to the LA City Attorney's Office.
What Was Taken
The leaked dataset is substantial in both volume and sensitivity:
- 7.7 terabytes of data across 337,000+ files
- Police officer personnel records
- Internal affairs investigation documents
- Discovery paperwork including unredacted criminal complaints
- Personal information such as witness names and medical records
Under California state law, most police officer data is deemed confidential. The Los Angeles Times described the leak, if confirmed genuine, as a "stunning breach of police information," noting that police records of this nature are rarely disclosed or published.
Why It Matters
This breach carries significant implications across multiple domains. For law enforcement, the exposure of internal affairs investigations and personnel records could compromise ongoing cases, endanger undercover officers, and expose confidential informants. For individuals named in the unredacted complaints, there is immediate risk of retaliation, harassment, or identity theft. For the broader security community, this incident demonstrates that threat actors are increasingly targeting adjacent systems (in this case, a city attorney's digital storage platform) rather than hardened primary networks, exploiting the weakest link in an interconnected government ecosystem.
The Attack Technique
The exact intrusion vector has not been publicly disclosed. However, the LAPD confirmed the breach originated not from its own networks but from a digital storage system operated by the LA City Attorney's Office. World Leaks, which began operations in January 2025 as an apparent rebrand of the defunct Hunters International group, follows a double-extortion model: exfiltrating data before pressuring victims to pay by threatening public release. The targeting of a third-party storage system rather than direct LAPD infrastructure suggests exploitation of a supply-chain or shared-services weakness.
Who is World Leaks
World Leaks emerged in January 2025 as a successor to the Hunters International ransomware and extortion group. The gang operates a dedicated leak site where it publicizes breaches to coerce victims into paying ransoms. Since its formation, World Leaks has compromised organizations across multiple sectors. The rebrand from Hunters International suggests operational continuity with refreshed branding, a common tactic among extortion groups seeking to shed law enforcement attention while retaining infrastructure and expertise.
What Organizations Should Do
- Audit third-party storage and shared systems. This breach originated from a city attorney's storage platform, not LAPD networks. Map all external systems that house your sensitive data and ensure they meet your security standards.
- Enforce strict access controls on sensitive document repositories. Apply least-privilege principles and segment access so that a single compromised account cannot reach entire archives.
- Monitor for data appearing on leak sites and paste services. Use threat intelligence feeds and dark web monitoring to detect early signs of exfiltration before full public disclosure.
- Encrypt sensitive data at rest. Even if storage systems are compromised, properly encrypted files significantly reduce the impact of exfiltration.
- Review and update incident response plans for third-party breaches. Ensure your organization has a clear playbook for when a partner or vendor is compromised, including legal notification requirements and communication protocols.
- Conduct tabletop exercises simulating supply-chain data breaches. Prepare teams for scenarios where the point of compromise is outside your direct control.
Sources: Hackers steal and leak delicate LAPD police paperwork - Citizen News