The Guardian (USA)

Los Angeles police: personal data of thousands of officers stolen in breach

- Kari Paul in San Francisco

The personal informatio­n of 2,500 Los Angeles police department officers and 17,500 people who had applied to join the force were exposed in a data breach, the department announced on Monday.

The department was informed of a potential breach of records held by the city’s personnel department on 25 July, and it notified affected officers over the weekend.

“The Los Angeles Police Department is working with our city partners to better understand the extent and impact of the data breach,” LAPD said in a statement. “We are also taking steps to ensure the department’s data is protected from any further intrusions.”

The compromise­d data included officers’ names, dates of birth, the last four digits of their social security numbers, and the email addresses and passwords they set up when applying for the job, a spokesman for the mayor’s office confirmed to the Guardian.

“We take the protection of personal data very seriously, and the City has informed the individual­s who may have been affected,” the spokesman for Mayor Eric Garcetti said. “The City’s Informatio­n Technology Agency has added additional layers of security to guard against future events of this kind.”

The mayor’s office said police officers were notified “out of an abundance of caution” after a potential hacker contacted the city claiming to have the data. The city is investigat­ing whether the data in question has been sold or exposed.

The spokesman noted that the city of Los Angeles had launched a number of cybersecur­ity programs since Garcetti took office. Cities and law enforcemen­t agencies have been increasing­ly targeted by hackers in recent years.

Some cities have been targeted for political reasons. In 2015, Anonymous shut down the website of the city of Baltimore after riots following the death of Freddie Gray. Anonymous also shut down the official website for the city of Cleveland following the police shooting of 12-year-old Tamir Rice in 2014.

But city and state government­s, as well as local police forces, have also increasing­ly been the victims of ransomware attacks, said Terence Jackson, chief informatio­n security officer at Thycotic, a Washington DC security provider.

“The attackers are attacking these targets because of the criticalit­y of the data they store,” he said. “This should be a wake-up call to municipali­ties all over the country to re-assess their current state of cyber security, find the gaps and implement the necessary countermea­sures.”

Many city agencies lack funding to properly secure data and investigat­e after the hacks, said Arshad Noor, chief technology officer of StrongKey, aSilicon Valley data security company.

“While the breach is just another example of what happens when security controls are mismatched to the resources being protected, there is a different kind of danger when the theft of personal data involves law enforcemen­t officials,” he said. “In the case of law enforcemen­t officers, the data may have unique value when those law enforcemen­t officers are involved in sensitive cases, where, depending on the informatio­n stolen, it might be used to affect the outcome of such cases.”

LAPD said it would be in contact with affected members of the police force about whether there were continuing privacy concerns surroundin­g the hack.

 ?? Photograph: Reed Saxon/AP ?? Michel Moore, the Los Angeles police department chief.
Photograph: Reed Saxon/AP Michel Moore, the Los Angeles police department chief.

Newspapers in English

Newspapers from United States