The Housing Authority of the City of Los Angeles (HACLA), a public housing authority in the US, has confirmed it was targeted in a recent cyberattack, with the Cactus ransomware gang claiming responsibility.
The cybercriminal group alleges it has stolen nearly 900 GB of sensitive data from HACLA’s network, sparking concerns about data privacy and security across the agency.
HACLA, a state-chartered agency responsible for providing affordable housing to low-income families, children, and seniors in Los Angeles, administers over 32,000 public housing units and operates on an annual budget exceeding $1 billion. The organisation said it acted promptly upon learning of the breach, engaging external forensic IT experts to investigate and respond to the incident.
A HACLA spokesperson confirmed the attack but assured that their systems remain operational.
“We’ve been affected by an attack on our IT network. As soon as we became aware, we hired external forensic IT specialists to help us investigate and respond appropriately,” they stated, further emphasising the agency’s commitment to continuing critical services for vulnerable populations in Los Angeles.
Although HACLA has not yet disclosed when the breach was detected or if any personal information was definitively compromised, Cactus ransomware operators claim to have obtained a range of sensitive data. This data reportedly includes personally identifiable information (PII), database backups, financial documents, personal data of both executives and employees, customer records, corporate confidential information, and internal correspondence. To validate their claims, the hackers have released screenshots of the allegedly stolen documents on their dark web data leak site.
Cactus ransomware first appeared in March 2023, employing double-extortion tactics and quickly gaining notoriety by listing over 260 companies on its dark website. Known for partnerships with malware distributors, the gang breaches networks by purchasing login credentials, deploying phishing attacks, or exploiting unpatched security vulnerabilities.
This incident is not the first time HACLA has fallen victim to a ransomware attack. In March 2023, it disclosed that the LockBit ransomware group had accessed its systems for nearly a year, from January 2022 to December 2022. The LockBit attack exposed the personal information of HACLA members, including Social Security numbers, driver’s licence details, contact information, financial account data, and health insurance records. Following HACLA’s refusal to pay the ransom, LockBit leaked all stolen files in January 2023.
The Cactus breach highlights ongoing cybersecurity vulnerabilities in public sector agencies, raising significant concerns over data protection and security for public housing authorities. HACLA’s proactive response to the latest incident underlines the challenges faced by agencies that manage sensitive data for low-income and vulnerable communities.