Hackers target L.A.’s Housing Authority in a suspected ransomware attack

A silhouette of a child is backed by an ochre and pink two-story house.
Mar Vista Gardens public housing complex in 2020, a Housing Authority of the City of Los Angeles development.
(Dania Maxwell / Los Angeles Times)

The Housing Authority of the City of Los Angeles was assessing the damage Tuesday from an apparent attack by hackers who are threatening to publish a vast store of the agency’s data they claim to have seized.

The breach surfaced Saturday when individuals who deploy the malware known as LockBit published screenshots representing what they claimed were 15 terabytes of data they have seized.

HACLA officials did not provide updates Tuesday afternoon to their Monday night statement that referred to a “cyber event.”


“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” the statement said. “We remain committed to providing quality work as we continue to resolve this issue.

HACLA media and marketing specialist Courtney Gladney told City News Service that the agency had reported the attack to federal law enforcement but declined to say whether a ransom demand had been made.

A Times review of publicly available information on LockBit’s site on the dark web found what appeared to be a HACLA bank statement and a list of folders. The group said on the website that information would be released on Jan. 12 if a ransom were not paid. LockBit’s site claimed that the group had obtained more than 15TB of files. The folder names suggested a broad range of data ranging from sensitive to mundane — from payroll, audits and taxes to a 2021 holiday video.

The size of the data set and the structure of the folders suggested that the attack targeted a shared file storage system and not a single machine.

LockBit was described as “one of the most active and destructive ransomware variants in the world” in a criminal complaint filed by the Department of Justice against an alleged participant.

The complaint claimed that members of LockBit had made more than $100 million in ransom demands since January 2020, successfully extracting “tens of millions” from victims.


A similar attack against the Los Angeles Unified School District by hacker group Vice Society resulted in the release of thousands of files last fall when the school district refused to pay.

The attack cut staff and students off from email and knocked out systems that teachers use to post lessons and take attendance.

L.A. Unified does not collect student Social Security numbers, and officials said no employee database that stored payroll, banking, Social Security or medical information was accessed, but some contractors working in the facilities division were not so fortunate.

“By shutting down all the systems, we were able to stop the propagation of this event ... restricting its potential damage,” Supt. Alberto Carvalho said. “That was the right call at the right moment.”

In recent times, hackers have targeted businesses and public agencies, including schools — seeking ransom or simply to cause chaos. A notable local attack targeted the Newhall school system in 2020.

HACLA is one of the nation’s largest and leading public housing authorities. HACLA provides affordable housing to more than 83,000 households in its Public Housing and Section 8 rental assistance programs, and offers a range of permanent supportive housing programs for homeless households.