LA Housing Org Confirms Breach After Cactus Ransomware Leaks Data

The Housing Authority of the City of Los Angeles (HACLA) confirmed that its systems were compromised following claims by the Cactus Ransomware group, which posted data allegedly stolen from the agency.

The announcement comes after Cactus released a sample of what it claims is sensitive data from HACLA's systems, sparking renewed concerns over the security of critical public service agencies.

CyberInsider contacted HACLA regarding the allegations, and we received the following statement:

“We've been affected by an attack on our IT network. As soon as we became aware of this, we hired external forensic IT specialists to help us investigate and respond appropriately. Our systems remain operational, we're taking expert advice, and we remain committed to delivering important services for low-income and vulnerable people in Los Angeles.” – HACLA

The Cactus ransomware group, which posted about the breach on its dark website, claims to have accessed 861 GB of data, including sensitive personally identifiable information (PII), database backups, financial records, and private correspondence. A data leak proof, accompanied by a partial disclosure of the stolen data, was shared on the group's onion site, targeting HACLA with a message listing PII, financial documents, and internal agency data.

HACLA, a public agency founded in 1938, provides affordable housing and essential services to low-income residents in Los Angeles, operating on a $1.9 billion budget. This breach marks the second ransomware incident affecting HACLA within a year, as it was also attacked by the LockBit ransomware group in December 2022, leading to a months-long investigation and subsequent data exposure. That incident reportedly impacted HACLA's operations and led to the leak of critical PII of residents and employees.

Commenting on the risks facing agencies like HACLA, Akhil Mittal, a cybersecurity expert at Black Duck, noted, “Authorities like HACLA are prime targets for ransomware groups because they manage sensitive data and provide essential services to vulnerable communities. Cybercriminals know that disrupting these operations puts agencies under pressure, often pushing them to pay quickly just to get services back online.”

CyberInsider is aware of a separate claim by Meow ransomware group that claimed an attack on Houston Housing Authority (HHA) just yesterday. Although we have not been able to confirm the authenticity of Meow's claims yet, the case highlights the risk these agencies face, constituting prime targets for ransomware attacks.