In a recent development, the Housing Authority of the City of Los Angeles (HACLA) has confirmed that its IT network was compromised in a cyberattack attributed to the Cactus ransomware gang. As one of the largest public housing authorities in the United States, HACLA provides vital services to low-income families, children, and seniors in Los Angeles, California.
The Attack
According to a spokesperson for HACLA:
“We’ve been affected by an attack on our IT network. As soon as we became aware of this, we hired external forensic IT specialists to help us investigate and respond appropriately.”
The attack had a minimal impact on HACLA’s operations, with systems remaining operational. However, the organization has not disclosed when the attack was detected or whether any sensitive data was exposed or stolen during the incident.
Cactus Ransomware Claims Responsibility
The Cactus ransomware gang has claimed responsibility for the breach and says it stole 891 GB of files from the compromised network. According to the attackers, the stolen data includes:
- Personally Identifiable Information (PII)
- Financial documents
- Executives’ and employees’ personal data
- Customer personal information
- Corporate confidential data
- Correspondence
Stolen Data and Evidence
The Cactus ransomware gang has published some screenshots of sensitive documents on its leak site as proof, along with an archive containing allegedly stolen files. This evidence appears to support the attackers’ claims of a significant data breach.
Technical Details
- Vulnerability: The attackers are believed to have gained access by exploiting security vulnerabilities or through phishing.
- Malware: Cactus ransomware was used in the attack.
- Data Exposed: Personally Identifiable Information, financial documents, executives’ and employees’ personal data, customer personal information, corporate confidential data, and correspondence were allegedly stolen.
Background: Previous Breach by LockBit Ransomware Gang
HACLA was previously breached by the LockBit ransomware gang in 2022. The attack, which occurred between January 15, 2022, and December 31, 2022, exposed sensitive personal information, including names, social security numbers, contact information, driver’s licenses, credit card and financial account numbers, and health insurance and medical information.
The LockBit ransomware group leaked all stolen files on January 27, 2023, after the government agency refused to pay the ransom demanded by the cybercriminals. This incident highlights the vulnerability of public sector organizations to cyber threats.
Conclusion
The confirmed Cactus ransomware attack on HACLA serves as a reminder of the importance of robust cybersecurity measures for public sector organizations. As one of the largest public housing authorities in the United States, HACLA plays a critical role in providing essential services to vulnerable populations. It is essential that organizations like HACLA prioritize cybersecurity and take proactive steps to prevent similar incidents in the future.
Recommendations
- Conduct regular security audits and risk assessments
- Implement robust incident response plans
- Provide employee training on cybersecurity best practices
- Utilize advanced threat detection tools
- Ensure adherence to industry-standard security protocols
By taking these steps, organizations like HACLA can reduce their vulnerability to cyber threats and protect sensitive data.