This Brazen LAPD Hack Is a Warning for Companies. Make Sure Yours Is Secure by Taking These Simple Steps
Hackers infiltrated the LAPD, and Fortune 500 companies are at risk, too.
BY CHLOE AIELLO, REPORTER @CHLOBO_ILO
Hackers infiltrated the Los Angeles Police Department, accessing a vast trove of sensitive information about both law enforcement personnel and private citizens. The LAPD confirmed the hack in a statement dated April 7 and posted on Wednesday to social media platform X. It noted that the breach affected a digital storage system within the LA City Attorney’s Office.
“We take this incident very seriously and are working with the LA City Attorney’s Office to gain access to the impacted files to understand the full scope of the data breach,” the statement reads.
The group World Leaks was reportedly behind the breach, according to TechCrunch; the leak reportedly spanned 7.7 terabytes of information and more than 337,000 downloadable files. The compromised documents included discovery materials from previous cases—which rarely if ever are made public, and even then, only in heavily redacted formats. Such documents can include everything from witness information and health data to criminal complaints, according to The Los Angeles Times.
Emma Best, a whistleblower and former hacker, attributed the attack in a post on Bluesky to World Leaks, a group that seeks to extort compromised organizations for ransom payments. (Best now runs DDOSecrets, a site that seeks to publish and archive leaked data for the public interest.) She noted that the leaked LAPD data was no longer visible on World Leaks’ website as of Tuesday afternoon. The Los Angeles Times reported that it isn’t clear whether World Leaks ever demanded a ransom payment or if the LAPD ultimately paid one.
All of this could have major implications for businesses—although there are commonsense security steps any company can take.
According to ransomware research center Halcyon, World Leaks is a high-threat group that is best known for “extortion-as-a-service.” The group is reportedly an evolution of another, now-defunct threat actor called Hunters International. The difference between the groups is that Hunters International would predominantly steal and then encrypt data, thereby paralyzing a company’s operations before demanding a ransom to decrypt the data; in other words, they were a ransomware organization.
World Leaks, on the other hand, steals and then threatens to (or actually does) publish data, risking reputational damage to target organizations, according to cybersecurity company Blackpoint Cyber. Operating since 2025, World Leaks is known for going after companies and organizations in key sectors including healthcare, manufacturing, technology, consumer services, and energy. Although Halcyon did not name victims of the group, it did note that Fortune 500 companies and defense contractors have been targeted.
Halcyon also described how World Leaks infiltrates its targets. It noted that the primary method of infiltration was through VPN credentials that lack multifactor authentication, sometimes targeted through phishing. Halcyon wrote in a post that the group targets organizations with “exposed remote access entry points,” such as VPNs and public-facing applications, and goes after groups that deal in regulated data, such as health data, which is governed by HIPAA. Although most targets are in the U.S., World Leaks has also gone after organizations in Canada, Germany, Belgium, India, and other European countries.
A blog item from cybersecurity company Fortra details some steps that companies can take to protect against similar attacks. One key step is enforcing multifactor authentication on remote access systems like VPNs and keeping them up to date with the latest security patches, as VPNs are a common way World Leaks infiltrates the systems of its victims. The blog also recommends replacing old devices and creating divisions within computer networks to restrict movement should a hacker gain access. Perhaps the easiest approach is educating employees to better identify phishing attempts.
