The Los Angeles Police Department has warned that a hacker is claiming to be in possession of the personal information of roughly 2500 “officers, trainees, and recruits,” as well as 17,500 other LAPD applicants, NBC Los Angeles reported on Tuesday.
According to NBC Los Angeles, the city’s Information Technology Agency said an unknown individual who said they were in possession of the data and claimed to be a hacker had contacted them last week, providing examples to evidence their claims. An email to officers notified them that “some of your information contained within the Personnel Department’s Candidate Applicant Program” may have been compromised, according to the station:
The compromised data included the officers’ names, dates of birth, parts of their social security numbers, and the email addresses and passwords they set up when applying for the job, according to the message. Additional personal information may have been compromised.
The LAPD told officers in the message they should monitor their personal financial accounts, get copies of their credit reports, and file a complaint with the Federal Trade Commission.
Officials do not currently believe home addresses, phone numbers, and full social security numbers were lost to the hacker, according to the Los Angeles Times.
The individual who contacted ITA claimed to have received the data “from external sources,” ITA General Manager Ted Ross told NBC Los Angeles, which doesn’t really clear up much about the breach. The Times reported that the affected server did not in fact belong to the LAPD, but the city’s personnel department.
An LAPD spokesman told NBC Los Angeles that “Data security is paramount at the Los Angeles Police Department, and we are committed to protecting the privacy of anyone who is associated with our agency.”
According to the Times, officials believe the breach happened on July 26 and affected individuals who applied to be a police officer from 2010 to 2018 or 2019. Ross told the paper that the targeted database had recently been superseded in service by an upgraded one with better security, but that the old database was never cleared of data.
Ross added that this was the first successful cyber attack on the Los Angeles government in recent memory, and that “We’ve made a lot of improvements and will continue to make them.”