The Housing Authority of the City of Los Angeles (HACLA) suffered a ransomware (opens in new tab) attack and had its data leaked to the dark web, the media reported earlier this week.
According to a BleepingComputer (opens in new tab) report, the state-chartered organization, which provides affordable housing to low-income families in LA, recently published a breach notice detailing a ransomware attack that occurred on December 31, 2022.
When the company’s IT team spotted the intrusion, they were forced to bring the servers offline and investigate the matter further.
Lurking for a year
The investigation, which was completed a month and a half later (on February 13, 2023), had shown that the threat actors might have had access to the target network and its endpoints for a full year (January 15, 2022 – December 31, 2022).
After a full year of dwell time, the hackers made away with a wide array of sensitive customer data.
This includes full names, social Security Numbers, dates of birth, passport numbers, driver’s license numbers, state ID numbers, tax ID numbers, military ID numbers, government-issued ID numbers, credit/debit card numbers, financial account numbers, health insurance information, and medical information.
The organization also said it notified affected customers by email, instructed them on how to monitor their accounts, place fraud alerts, and report potential identity theft.
On the day the breach was spotted, the infamous LockBit 3.0 ransomware gang published samples of the stolen data on its leak website, claiming responsibility for the attack. It also threatened to release the entire batch, unless its (undefined) ransom demands are met.
BleepingComputer later reported that the group leaked the entire database on January 27, but the link became inactive a month and a half later. The publication also said that there is no evidence that any other threat actors obtained this data, either.