The Housing Authority of the City of Los Angeles (HACLA) has confirmed that its IT network was the target of a cyberattack, following claims from the Cactus ransomware gang. As one of the largest public housing authorities in the United States, HACLA plays a crucial role in providing affordable housing and assistance programs to low-income families, children, and seniors in Los Angeles. In a statement to BleepingComputer, a HACLA spokesperson acknowledged the attack and noted that the agency has engaged external forensic IT specialists to investigate the incident and respond appropriately. Despite the breach, HACLA emphasized that its systems remain operational and that it is committed to continuing its services to vulnerable populations.
While HACLA has not disclosed specific details about the timing of the attack or whether any sensitive data was exposed, the Cactus ransomware group claims to have stolen approximately 891 GB of data from the compromised network. This alleged stolen data includes personal identifiable information, database backups, financial documents, and corporate correspondence. To support its claims, the Cactus ransomware group has published screenshots of sensitive documents on its leak site, along with an archive containing the purportedly stolen files. This incident raises significant concerns about the security of sensitive information held by public agencies.
The Cactus ransomware gang has emerged as a notable threat since its inception in March 2023, employing double-extortion tactics to pressure organizations into paying ransoms. The group has breached over 260 companies to date, utilizing various methods such as purchased credentials, phishing attacks, and exploiting vulnerabilities in Internet-exposed systems. HACLA’s situation is a stark reminder of the vulnerabilities that public sector organizations face in the ever-evolving landscape of cyber threats.
This latest breach follows a prior incident in which HACLA was compromised by the LockBit ransomware group. In March 2023, it was revealed that attackers had accessed HACLA’s systems for an entire year, compromising sensitive personal information of its members, including names, social security numbers, and financial data. The LockBit group ultimately leaked all stolen files after HACLA refused to pay the ransom demanded. As HACLA navigates the aftermath of this latest attack, it underscores the pressing need for enhanced cybersecurity measures to protect sensitive information and maintain public trust in essential services.
Reference: