HACLA: Services at Risk
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing agencies in the United States, has confirmed a cyberattack compromising its IT network. This comes after claims by the Cactus ransomware group, which has taken responsibility for the attack.
HACLA provides affordable housing and assistance programs to low-income families, children, and seniors in Los Angeles. The agency oversees over 32,000 housing units annually, with a budget exceeding $1 billion. Following the attack, HACLA assured the public that its systems remain operational and that it has engaged external specialists to investigate and mitigate the incident.
“Our systems remain functional, and we are receiving expert guidance to ensure the continuity of essential services for vulnerable individuals in Los Angeles,” stated an HACLA spokesperson.
Data Theft: Sensitive Information Compromised
Cactus ransomware claims to have stolen 891 GB of data from HACLA. According to the cybercriminal group, the stolen information includes:
- Personally identifiable information (PII)
- Database backups
- Financial documents
- Personal details of executives and employees
- Confidential client data
- Corporate communications
To substantiate their claims, Cactus posted screenshots of sensitive documents on their leak site and uploaded a file allegedly containing portions of the stolen data.
Cactus: Persistent Threats in the Corporate Environment
Since emerging in March 2023, Cactus ransomware has carried out over 260 attacks globally using double extortion techniques. The group gains access to corporate networks by purchasing stolen credentials, launching phishing campaigns, or exploiting vulnerabilities in internet-exposed systems.
This is not the first time HACLA has been targeted by ransomware. In 2022, the LockBit ransomware group accessed HACLA’s systems for nearly a year before encrypting devices and publishing stolen data in 2023.
Implications for Government Agencies and Enterprises
This incident underscores the pressing need for robust security practices and incident response protocols in government agencies and high-impact social organizations like HACLA. The reliance of such organizations on critical technological systems makes them attractive targets for ransomware groups like Cactus, which seek sensitive data to extort and pressure victims.
HACLA has yet to confirm whether personal information of its program beneficiaries was exposed in the attack or disclose the exact detection date. However, the risk of confidential data falling into the hands of cybercriminals highlights the necessity for strong cybersecurity strategies and incident response plans to protect and ensure the resilience of sensitive organizational data.
Indicators of Compromise