Hackers post data stolen from the Housing Authority of the City of Los Angeles

Silhouettes of people are reflected on a glass along with a red sunset sky.
Personal information of thousands of Angelenos may have been exposed in a ransomware attack on Housing Authority of the City of Los Angeles.
(Genaro Molina / Los Angeles Times)

After extending a deadline for weeks in an attempt to extract a ransom, hackers have posted a trove of data seized late last year from the Housing Authority of the City of Los Angeles.

A notice posted on the dark web site LockBit late Thursday said all available data had been uploaded.

It was not immediately clear whether personally identifiable information like addresses or phone numbers was included in the documents. By Friday afternoon, the site had gone down, as Lockbit’s dark web sites often do.


HACLA, one of the nation’s largest public housing authorities, provides affordable housing to more than 83,000 households in its Public Housing and Section 8 rental assistance programs, and offers a range of permanent supportive housing programs for homeless households.

Brett Callow, a threat analyst for the New Zealand-based cybersecurity firm Emsisoft, said the hackers posted the data in two tranches, the first on March 9. A banner announcing, ‘ALL FILES UPLOADED” was then posted at 9:08 p.m. Thursday local time.

Callow, who alerted The Times to the posting, said he had not accessed the data because he had “no reason to further invade folks’ privacy.”

But he said the hackers posted an 88-megabyte text document with an index of all the files they claimed to have posted.

Students, teachers and contractors at LAUSD could have sensitive personal information on the dark web. Here are the steps you should take to protect yourself.

Oct. 3, 2022

Individuals who deploy the LockBit malware first published screenshots on Dec. 31 representing what they claimed were 15 terabytes of data they had seized and giving the housing agency until Jan. 12 to pay a ransom.

In its initial ransom demand, the group published what appeared to be a bank statement and a list of folders. The folder names suggested a broad range of data ranging from sensitive to mundane — from payroll, audits and taxes to a 2021 holiday video.


The size of the data set and the structure of the folders suggested that the attack targeted a shared file storage system and not a single machine.

The housing agency had not responded Friday afternoon to The Times’ questions about whether a ransom was paid and about what steps it had taken to notify and protect those whose information may have been exposed.

Possible illegal uses of any personal data would be identity fraud or the public disclosure of documents relating to disciplinary proceedings and alleged harassment, Callow said.

“That can obviously be very uncomfortable for the individuals involved and could even be used for blackmail,” he said.

LockBit was described as “one of the most active and destructive ransomware variants in the world” in a 2022 criminal complaint filed by the Department of Justice against an alleged participant.

The complaint claimed that members of LockBit had made more than $100 million in ransom demands since January 2020, successfully extracting “tens of millions” from victims.


A similar attack against the Los Angeles Unified School District by hacker group Vice Society resulted in the release of thousands of files last fall when the school district refused to pay.

The attack cut staff and students off from email and knocked out systems that teachers use to post lessons and take attendance.