Los Angeles Housing Authority Hit By Ransomware Attack

Local officials confirmed on Tuesday that the Housing Authority of the City of Los Angeles (HACLA) has been subject to a cyber attack.

The hacker group Lockbit claimed responsibility for a ransomware attack on Dec. 31, posting images of purported HACLA databases containing 15 terabytes worth of stolen data. They said they will publish the data on the dark web on Jan. 12 if their payment demands are not met.

A statement from HACLA acknowledged the incident, calling it a “cyber event that resulted in disruption to our systems.”

“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” the HACLA statement said. “We remain committed to providing quality work as we continue to resolve this issue.”

Keep up with LAist.

If you're enjoying this article, you'll love our daily newsletter, The LA Report. Each weekday, catch up on the 5 most pressing stories to start your morning in 3 minutes or less.

Subscribe

It’s unclear how HACLA systems were breached and exactly what information was stolen.

It’s not the only local housing authority to find itself subject to a ransomware attack. In recent years, hackers have infiltrated the Indianapolis Housing Agency, the Cuyahoga Metropolitan Housing Authority in Ohio and the Bremerton Housing Authority in Washington state.

What Happens Next

Nick Merrill, a research fellow at the UC Berkeley Center for Long-Term Cybersecurity, believes HACLA is unlikely to cave to the hackers’ payment demands. But he says it’s not surprising that the agency was targeted.

“Lockbit believes that this is going to be a low-cybersecurity resource organization,” Merrill said. In the hackers’ minds, he said, local housing authorities are “not only easy to penetrate, but they are likely to pay because they don't have the capacity to recover from a ransomware attack.”

This is the second major attack on L.A.’s public sector over the past year. The Los Angeles Unified School District was hit by a ransomware attack in September, and students’ personal information was posted in October after school administrators refused to pay.

Thousands Of Angelenos Rely On HACLA 

As a key agency in addressing L.A.’s affordable housing crisis, HACLA interacts with thousands of low-income residents across the city.

The housing authority maintains more than 6,300 units of public housing where tenants can pay rent using their bank account or credit card information through HACLA’s online payment portal.

HACLA also oversees the city’s Section 8 housing voucher program, which provides subsidies to more than 43,700 households renting apartments on the private market. The city’s Section 8 waitlist recently reopened for the first time in five years, and received more than 223,000 applications for vouchers.

UC Berkeley’s Merrill said beyond the personal information that could be exposed in this breach, the attack could further erode trust in government agencies.

“Now HACLA has lost some credibility,” Merrill said. “Defense is about more than people's privacy issues. It's about creating the effect of a predictable and reliable society with services we can depend on.”