The Housing Authority of the City of Los Angeles (HACLA) suffered a year-long data breach and ransomware attack by Lockbit in 2022

(Image source: HACLA, 2022)

One-sentence summary:

In 2022, Lockbit breached the Housing Authority of the City of Los Angeles (HACLA) and the sensitive data of its citizens for over a year before deploying ransomware.

Who was involved?

Housing Authority of the City of Los Angeles (HACLA), Lockbit ransomware group, and an unknown number of data victims.

What was the timeline?

January 15, 2022: Lockbit breach starts

December 31, 2022: Breach ends after HACLA discovers the breach (when the ransomware was deployed). Lockbit uploads exfiltrated breach samples online (Toulas, 2023, para. 9).

February 13, 2023: HACLA completes their investigation

March 11, 2023: Breach notice is posted on HACLA’s website

What occurred?

Lockbit breached HACLA in January 2022, maintaining nearly a year-long persistence in their environment before deploying ransomware. HACLA discovered Lockbit after their systems were encrypted and ransomware was deployed. Breached information included: “name, Social Security number, date of birth, passport number, driver’s license number or state identification number, tax identification number, military identification number, government issued identification number, credit/debit card number, financial account number, health insurance information, and medical information” (HACLA, 2023, p. 1).

Estimated costs:

Incident response costs, operational costs, 7-day week call center.

Involved laws:

Federal: HIPAA and HITECH.

California: CCPA and Cal. Civ. Code § 1798.29(a)

Root cause:

TBA or N/A (see disclaimer)

Lessons learned:

TBA or N/A (see disclaimer)

Sources:

HACLA. (2022, October). hacla.jpg. easthollywood.net. https://www.easthollywood.net/wp-content/uploads/2022/10/hacla.jpg

HACLA. (2023). NOTICE OF DATA SECURITY EVENT. In The Housing Authority of the City of Los Angeles (“HACLA”). The Housing Authority of the City of Los Angeles (“HACLA”). Retrieved March 14, 2023, from https://www.hacla.org/sites/default/files/Documents/HACLA%20-%20Website%20Notice%20-%20English%20Final.pdf

Toulas, B. (2023, March 13). LA housing authority discloses data breach after ransomware attack. BleepingComputer. Retrieved March 14, 2023, from https://www.bleepingcomputer.com/news/security/la-housing-authority-discloses-data-breach-after-ransomware-attack/

Commentary:

I could not find any relevant breach reports on HHS or California’s OAG portal. They have not given an estimate or enumeration of breach victims at this time. I anticipate updating this post if/when they provide that information.

About Post Author

Kyler Kent CISSP

I am a Threat Hunting and Intelligence Specialist and am a progressive, aspiring cyber leader. I am currently based in Dallas, with a holistic and multidisciplinary background. I am a lifelong learner– constantly seeking education and training opportunities. I maintain several cybersecurity and IT certifications. I also maintain two Texas DPS private security licenses. Finally, I have a master’s degree from Georgetown University’s SCS Cybersecurity Risk Management program. https://linktr.ee/kentprotect.com Corrections: [email protected]

http://kylerkent.com